1######################################################################################################################################
2=======================================================================================================================================
3Hostname www.nikkei-buturyu.co.jp ISP Softbank BB Corp.
4Continent Asia Flag
5JP
6Country Japan Country Code JP
7Region Unknown Local time 25 Oct 2019 08:35 JST
8City Unknown Postal Code Unknown
9IP Address 219.101.223.158 Latitude 35.69
10 Longitude 139.69
11
12======================================================================================================================================
13######################################################################################################################################
14> www.nikkei-buturyu.co.jp
15Server: 185.93.180.131
16Address: 185.93.180.131#53
17
18Non-authoritative answer:
19www.nikkei-buturyu.co.jp canonical name = www1.nikkei-buturyu.co.jp.
20Name: www1.nikkei-buturyu.co.jp
21Address: 219.101.223.158
22>
23######################################################################################################################################
24[ JPRS database provides information on network administration. Its use is ]
25[ restricted to network administration purposes. For further information, ]
26[ use 'whois -h whois.jprs.jp help'. To suppress Japanese output, add'/e' ]
27[ at the end of command, e.g. 'whois -h whois.jprs.jp xxx/e'. ]
28
29Domain Information:
30a. [Domain Name] NIKKEI-BUTURYU.CO.JP
31g. [Organization] Nikkeibuturyu Corporation
32l. [Organization Type] Company
33m. [Administrative Contact] HK2078JP
34n. [Technical Contact] HK2078JP
35p. [Name Server] ns.nikkeikin.co.jp
36p. [Name Server] ns2.iprevolution.co.jp
37p. [Name Server] ns2.nikkeikin.co.jp
38p. [Name Server] ns3.nikkeikin.co.jp
39s. [Signing Key]
40[State] Connected (2020/02/29)
41[Registered Date] 1999/02/08
42[Connected Date] 1999/02/25
43[Last Update] 2019/10/11 16:10:03 (JST)
44######################################################################################################################################
45[i] Scanning Site: https://219.101.223.158
46
47
48
49B A S I C I N F O
50====================
51
52
53[+] Site Title:
54[+] IP address: 219.101.223.158
55[+] Web Server: Could Not Detect
56[+] CMS: Could Not Detect
57[+] Cloudflare: Not Detected
58[+] Robots File: Could NOT Find robots.txt!
59
60
61
62
63W H O I S L O O K U P
64========================
65
66 [ JPNIC database provides information regarding IP address and ASN. Its use ]
67[ is restricted to network administration purposes. For further information, ]
68[ use 'whois -h whois.nic.ad.jp help'. To only display English output, ]
69[ add '/e' at the end of command, e.g. 'whois -h whois.nic.ad.jp xxx/e'. ]
70
71Network Information:
72a. [Network Number] 219.101.223.128/26
73b. [Network Name] NLM-NET-FIP
74g. [Organization] Nippon Light Metal Company,Ltd.
75m. [Administrative Contact] KO340JP
76n. [Technical Contact] KO340JP
77p. [Nameserver]
78[Assigned Date] 2004/11/04
79[Return Date]
80[Last Update] 2012/10/17 11:32:05(JST)
81
82Less Specific Info.
83----------
84SoftBank Corp.
85 [Allocation] 219.101.128.0/17
86SOFTBANK TELECOM Corp.
87 SUBA-440-188 [Sub Allocation] 219.101.223.0/24
88
89More Specific Info.
90----------
91No match!!
92
93
94
95
96G E O I P L O O K U P
97=========================
98
99[i] IP Address: 219.101.223.158
100[i] Country: Japan
101[i] State:
102[i] City:
103[i] Latitude: 35.69
104[i] Longitude: 139.69
105
106
107
108S U B N E T C A L C U L A T I O N
109====================================
110
111Address = 219.101.223.158
112Network = 219.101.223.158 / 32
113Netmask = 255.255.255.255
114Broadcast = not needed on Point-to-Point links
115Wildcard Mask = 0.0.0.0
116Hosts Bits = 0
117Max. Hosts = 1 (2^0 - 0)
118Host Range = { 219.101.223.158 - 219.101.223.158 }
119
120
121
122N M A P P O R T S C A N
123============================
124
125Starting Nmap 7.70 ( https://nmap.org ) at 2019-10-24 23:42 UTC
126Nmap scan report for www1.nikkei-buturyu.co.jp (219.101.223.158)
127Host is up (0.17s latency).
128
129PORT STATE SERVICE
13021/tcp filtered ftp
13122/tcp filtered ssh
13223/tcp filtered telnet
13380/tcp open http
134110/tcp filtered pop3
135143/tcp filtered imap
136443/tcp open https
1373389/tcp filtered ms-wbt-server
138
139Nmap done: 1 IP address (1 host up) scanned in 3.30 seconds
140######################################################################################################################################
141[INFO] ------TARGET info------
142[*] TARGET: https://www.nikkei-buturyu.co.jp/
143[*] TARGET IP: 219.101.223.158
144[INFO] NO load balancer detected for www.nikkei-buturyu.co.jp...
145[*] DNS servers: www1.nikkei-buturyu.co.jp. ns.nikkeikin.co.jp.
146[*] TARGET server: Apache
147[*] CC: JP
148[*] Country: Japan
149[*] RegionCode: 13
150[*] RegionName: Tokyo
151[*] City: Chiyoda
152[*] ASN: AS17676
153[*] BGP_PREFIX: 219.101.128.0/17
154[*] ISP: GIGAINFRA Softbank BB Corp., JP
155[INFO] SSL/HTTPS certificate detected
156unable to load certificate
157140023748494528:error:0909006C:PEM routines:get_name:no start line:../crypto/pem/pem_lib.c:745:Expecting: TRUSTED CERTIFICATE
158unable to load certificate
159140659254650048:error:0909006C:PEM routines:get_name:no start line:../crypto/pem/pem_lib.c:745:Expecting: TRUSTED CERTIFICATE
160[INFO] DNS enumeration:
161[INFO] Possible abuse mails are:
162[*] abuse@nikkei-buturyu.co.jp
163[*] abuse@ultina.softbanktelecom.co.jp
164[*] abuse@www.nikkei-buturyu.co.jp
165[INFO] NO PAC (Proxy Auto Configuration) file FOUND
166[INFO] Starting FUZZing in http://www.nikkei-buturyu.co.jp/FUzZzZzZzZz...
167[INFO] Status code Folders
168[*] 302 http://www.nikkei-buturyu.co.jp/index
169[*] 302 http://www.nikkei-buturyu.co.jp/images
170[*] 302 http://www.nikkei-buturyu.co.jp/download
171[*] 302 http://www.nikkei-buturyu.co.jp/2006
172[*] 302 http://www.nikkei-buturyu.co.jp/news
173[*] 302 http://www.nikkei-buturyu.co.jp/crack
174[*] 302 http://www.nikkei-buturyu.co.jp/serial
175[*] 302 http://www.nikkei-buturyu.co.jp/warez
176[*] 302 http://www.nikkei-buturyu.co.jp/full
177[*] 302 http://www.nikkei-buturyu.co.jp/12
178[INFO] NO passwords found in source code
179[INFO] SAME content in http://www.nikkei-buturyu.co.jp/ AND http://219.101.223.158/
180[INFO] Links found from https://www.nikkei-buturyu.co.jp/:
181[*] https://job.career-tasu.jp/2018/corp/00054087/entry/input/NA0001/?cid=polnk18_01_170301
182[*] https://www.nikkei-buturyu.co.jp/about/about.html
183[*] https://www.nikkei-buturyu.co.jp/about/branch.html
184[*] https://www.nikkei-buturyu.co.jp/about/index.html
185[*] https://www.nikkei-buturyu.co.jp/about/message.html
186[*] https://www.nikkei-buturyu.co.jp/about/philosophy.html
187[*] https://www.nikkei-buturyu.co.jp/contact/index.html
188[*] https://www.nikkei-buturyu.co.jp/environment/index.html
189[*] https://www.nikkei-buturyu.co.jp/grouplink/index.html
190[*] https://www.nikkei-buturyu.co.jp/index.html
191[*] https://www.nikkei-buturyu.co.jp/news/atom.xml
192[*] https://www.nikkei-buturyu.co.jp/news/index.html
193[*] https://www.nikkei-buturyu.co.jp/policy.html
194[*] https://www.nikkei-buturyu.co.jp/privacy.html
195[*] https://www.nikkei-buturyu.co.jp/prospectus/index.html
196[*] https://www.nikkei-buturyu.co.jp/prospectus/international.html
197[*] https://www.nikkei-buturyu.co.jp/prospectus/pallete.html
198[*] https://www.nikkei-buturyu.co.jp/prospectus/prospectus.html
199[*] https://www.nikkei-buturyu.co.jp/prospectus/special.html
200[*] https://www.nikkei-buturyu.co.jp/prospectus/suggest.html
201[*] https://www.nikkei-buturyu.co.jp/prospectus/system.html
202[*] https://www.nikkei-buturyu.co.jp/recruitment/career.html
203[*] https://www.nikkei-buturyu.co.jp/recruitment/index.html
204[*] https://www.nikkei-buturyu.co.jp/recruitment/new-employee.html
205[*] https://www.nikkei-buturyu.co.jp/recruitment/senior.html
206[*] https://www.nikkei-buturyu.co.jp/safety/index.html
207[*] https://www.nikkei-buturyu.co.jp/safety/index.html#safe01
208[*] https://www.nikkei-buturyu.co.jp/safety/index.html#safe02
209[*] https://www.nikkei-buturyu.co.jp/safety/index.html#safe05
210[*] https://www.nikkei-buturyu.co.jp/safety/index.html#safe07
211[*] https://www.nikkei-buturyu.co.jp/sitemap.html
212[*] https://www.nikkei-buturyu.co.jp/#top
213[*] http://ten.1049.cc/tp/nikkei-buturyu/
214[INFO] GOOGLE has 48,900 results (0.17 seconds) about http://www.nikkei-buturyu.co.jp/
215[INFO] BING shows 219.101.223.158 is shared with 14 hosts/vhosts
216[INFO] Shodan detected the following opened ports on 219.101.223.158:
217[*] 443
218[*] 80
219[INFO] ------VirusTotal SECTION------
220[INFO] VirusTotal passive DNS only stores address records. The following domains resolved to the given IP address:
221[INFO] Latest URLs hosted in this IP address detected by at least one URL scanner or malicious URL dataset:
222[INFO] Latest files that are not detected by any antivirus solution and were downloaded by VirusTotal from the IP address provided:
223[INFO] ------Alexa Rank SECTION------
224[INFO] Percent of Visitors Rank in Country:
225[INFO] Percent of Search Traffic:
226[INFO] Percent of Unique Visits:
227[INFO] Total Sites Linking In:
228[*] Total Sites
229[INFO] Useful links related to www.nikkei-buturyu.co.jp - 219.101.223.158:
230[*] https://www.virustotal.com/pt/ip-address/219.101.223.158/information/
231[*] https://www.hybrid-analysis.com/search?host=219.101.223.158
232[*] https://www.shodan.io/host/219.101.223.158
233[*] https://www.senderbase.org/lookup/?search_string=219.101.223.158
234[*] https://www.alienvault.com/open-threat-exchange/ip/219.101.223.158
235[*] http://pastebin.com/search?q=219.101.223.158
236[*] http://urlquery.net/search.php?q=219.101.223.158
237[*] http://www.alexa.com/siteinfo/www.nikkei-buturyu.co.jp
238[*] http://www.google.com/safebrowsing/diagnostic?site=www.nikkei-buturyu.co.jp
239[*] https://censys.io/ipv4/219.101.223.158
240[*] https://www.abuseipdb.com/check/219.101.223.158
241[*] https://urlscan.io/search/#219.101.223.158
242[*] https://github.com/search?q=219.101.223.158&type=Code
243[INFO] Useful links related to AS17676 - 219.101.128.0/17:
244[*] http://www.google.com/safebrowsing/diagnostic?site=AS:17676
245[*] https://www.senderbase.org/lookup/?search_string=219.101.128.0/17
246[*] http://bgp.he.net/AS17676
247[*] https://stat.ripe.net/AS17676
248[INFO] Date: 24/10/19 | Time: 19:44:48
249[INFO] Total time: 2 minute(s) and 0 second(s)
250#######################################################################################################################################
251Trying "nikkei-buturyu.co.jp"
252;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64959
253;; flags: qr rd ra; QUERY: 1, ANSWER: 9, AUTHORITY: 4, ADDITIONAL: 4
254
255;; QUESTION SECTION:
256;nikkei-buturyu.co.jp. IN ANY
257
258;; ANSWER SECTION:
259nikkei-buturyu.co.jp. 28800 IN SOA ns.nikkeikin.co.jp. admin-nlm.nikkeikin.co.jp. 2015112062 3600 1800 4838400 900
260nikkei-buturyu.co.jp. 900 IN TXT "v=spf1 ip4:218.45.235.0/27 ip4:219.101.223.128/26 ip4:61.195.104.128/26 -all"
261nikkei-buturyu.co.jp. 900 IN MX 50 mailagate01.nikkeikin.co.jp.
262nikkei-buturyu.co.jp. 900 IN MX 10 mailfgate02.nikkeikin.co.jp.
263nikkei-buturyu.co.jp. 900 IN MX 100 mailgate02.nikkeikin.co.jp.
264nikkei-buturyu.co.jp. 28800 IN NS ns2.iprevolution.co.jp.
265nikkei-buturyu.co.jp. 28800 IN NS ns2.nikkeikin.co.jp.
266nikkei-buturyu.co.jp. 28800 IN NS ns3.nikkeikin.co.jp.
267nikkei-buturyu.co.jp. 28800 IN NS ns.nikkeikin.co.jp.
268
269;; AUTHORITY SECTION:
270nikkei-buturyu.co.jp. 28800 IN NS ns.nikkeikin.co.jp.
271nikkei-buturyu.co.jp. 28800 IN NS ns3.nikkeikin.co.jp.
272nikkei-buturyu.co.jp. 28800 IN NS ns2.nikkeikin.co.jp.
273nikkei-buturyu.co.jp. 28800 IN NS ns2.iprevolution.co.jp.
274
275;; ADDITIONAL SECTION:
276ns2.nikkeikin.co.jp. 7239 IN A 219.101.223.132
277ns.nikkeikin.co.jp. 7239 IN A 218.45.235.2
278ns2.iprevolution.co.jp. 43129 IN A 61.115.192.18
279ns3.nikkeikin.co.jp. 7239 IN A 61.195.104.132
280
281Received 470 bytes from 2001:18c0:121:6900:724f:b8ff:fefd:5b6a#53 in 228 ms
282######################################################################################################################################
283
284; <<>> DiG 9.11.5-P4-5.1+b1-Debian <<>> +trace nikkei-buturyu.co.jp
285;; global options: +cmd
286. 80876 IN NS b.root-servers.net.
287. 80876 IN NS g.root-servers.net.
288. 80876 IN NS m.root-servers.net.
289. 80876 IN NS e.root-servers.net.
290. 80876 IN NS a.root-servers.net.
291. 80876 IN NS f.root-servers.net.
292. 80876 IN NS l.root-servers.net.
293. 80876 IN NS k.root-servers.net.
294. 80876 IN NS i.root-servers.net.
295. 80876 IN NS h.root-servers.net.
296. 80876 IN NS d.root-servers.net.
297. 80876 IN NS c.root-servers.net.
298. 80876 IN NS j.root-servers.net.
300;; Received 525 bytes from 185.93.180.131#53(185.93.180.131) in 248 ms
301
302jp. 172800 IN NS a.dns.jp.
303jp. 172800 IN NS b.dns.jp.
304jp. 172800 IN NS c.dns.jp.
305jp. 172800 IN NS d.dns.jp.
306jp. 172800 IN NS e.dns.jp.
307jp. 172800 IN NS f.dns.jp.
308jp. 172800 IN NS g.dns.jp.
309jp. 172800 IN NS h.dns.jp.
310jp. 86400 IN DS 54004 8 1 0EC348CC7E6D3213CC89E5867088043FC7D5C111
311jp. 86400 IN DS 54004 8 2 5F4B24F667BC70880720D10DF317DC8FF80C63E586D504E6BBFE53F0 B9ECC040
313;; Received 876 bytes from 2001:500:9f::42#53(l.root-servers.net) in 38 ms
314
315nikkei-buturyu.co.jp. 86400 IN NS ns2.nikkeikin.co.jp.
316nikkei-buturyu.co.jp. 86400 IN NS ns2.iprevolution.co.jp.
317nikkei-buturyu.co.jp. 86400 IN NS ns3.nikkeikin.co.jp.
318nikkei-buturyu.co.jp. 86400 IN NS ns.nikkeikin.co.jp.
323;; Received 727 bytes from 210.138.175.244#53(d.dns.jp) in 209 ms
324
325nikkei-buturyu.co.jp. 900 IN SOA ns.nikkeikin.co.jp. admin-nlm.nikkeikin.co.jp. 2015112062 3600 1800 4838400 900
326;; Received 108 bytes from 61.195.104.132#53(ns3.nikkeikin.co.jp) in 533 ms
327######################################################################################################################################
328[*] Performing General Enumeration of Domain: nikkei-buturyu.co.jp
329[-] DNSSEC is not configured for nikkei-buturyu.co.jp
330[*] SOA ns.nikkeikin.co.jp 218.45.235.2
331[*] NS ns.nikkeikin.co.jp 218.45.235.2
332[*] NS ns2.iprevolution.co.jp 61.115.192.18
333[*] NS ns3.nikkeikin.co.jp 61.195.104.132
334[*] NS ns2.nikkeikin.co.jp 219.101.223.132
335[*] MX mailgate02.nikkeikin.co.jp 218.45.235.16
336[*] MX mailagate01.nikkeikin.co.jp 61.195.104.133
337[*] MX mailfgate02.nikkeikin.co.jp 219.101.223.146
338[*] TXT nikkei-buturyu.co.jp v=spf1 ip4:218.45.235.0/27 ip4:219.101.223.128/26 ip4:61.195.104.128/26 -all
339[*] Enumerating SRV Records
340[-] No SRV Records Found for nikkei-buturyu.co.jp
341[+] 0 Records Found
342######################################################################################################################################
343[*] Processing domain nikkei-buturyu.co.jp
344[*] Using system resolvers ['185.93.180.131', '194.187.251.67', '38.132.106.139', '192.168.0.1', '2001:18c0:121:6900:724f:b8ff:fefd:5b6a']
345[+] Getting nameservers
346218.45.235.2 - ns.nikkeikin.co.jp
34761.115.192.18 - ns2.iprevolution.co.jp
34861.195.104.132 - ns3.nikkeikin.co.jp
349219.101.223.132 - ns2.nikkeikin.co.jp
350[-] Zone transfer failed
351
352[+] TXT records found
353"v=spf1 ip4:218.45.235.0/27 ip4:219.101.223.128/26 ip4:61.195.104.128/26 -all"
354
355[+] MX records found, added to target list
356100 mailgate02.nikkeikin.co.jp.
35750 mailagate01.nikkeikin.co.jp.
35810 mailfgate02.nikkeikin.co.jp.
359
360[*] Scanning nikkei-buturyu.co.jp for A records
361219.101.223.158 - www.nikkei-buturyu.co.jp
362219.101.223.158 - www1.nikkei-buturyu.co.jp
363######################################################################################################################################
364
365 AVAILABLE PLUGINS
366 -----------------
367
368 HeartbleedPlugin
369 RobotPlugin
370 OpenSslCipherSuitesPlugin
371 CompressionPlugin
372 FallbackScsvPlugin
373 HttpHeadersPlugin
374 SessionRenegotiationPlugin
375 OpenSslCcsInjectionPlugin
376 SessionResumptionPlugin
377 EarlyDataPlugin
378 CertificateInfoPlugin
379
380
381
382 CHECKING HOST(S) AVAILABILITY
383 -----------------------------
384
385 219.101.223.158:443 => 219.101.223.158
386
387
388
389
390 SCAN RESULTS FOR 219.101.223.158:443 - 219.101.223.158
391 ------------------------------------------------------
392
393 * TLSV1_3 Cipher Suites:
394 Server rejected all cipher suites.
395
396 * Certificate Information:
397 Content
398 SHA1 Fingerprint: 0d10964bfccc42aee57c77fc12cf3521117883a8
399 Common Name: www.nikkeikin.co.jp
400 Issuer: GlobalSign RSA OV SSL CA 2018
401 Serial Number: 19501337899264797371690451027
402 Not Before: 2019-09-01 23:56:04
403 Not After: 2020-01-30 06:46:04
404 Signature Algorithm: sha256
405 Public Key Algorithm: RSA
406 Key Size: 2048
407 Exponent: 65537 (0x10001)
408 DNS Subject Alternative Names: ['www.nikkeikin.co.jp', 'www.nikkeikin.com', 'cn.nikkeikin.com', 'www.nikkeikinholdings.co.jp', 'www.nikkeikinholdings.com', 'cn.nikkeikinholdings.com', 'www.arumi-reinetsu.co.jp', 'www.excad.jp', 'www.nikkei-buturyu.co.jp', 'www.nikkei-metal.co.jp', 'www.nlm-ecal.co.jp', 'www.nlmna.com', 'www.shisaku.com', 'www.toyal.co.jp', 'www.fruehauf.co.jp', 'www.rikenkeikinzoku.co.jp', 'www.nikkeisangyo.co.jp', 'www.nfh-partssales.jp', 'nikkeikin.co.jp']
409
410 Trust
411 Hostname Validation: FAILED - Certificate does NOT match 219.101.223.158
412 Android CA Store (9.0.0_r9): FAILED - Certificate is NOT Trusted: ok
413 Apple CA Store (iOS 12, macOS 10.14, watchOS 5, and tvOS 12):FAILED - Certificate is NOT Trusted: ok
414 Java CA Store (jdk-12.0.1): FAILED - Certificate is NOT Trusted: ok
415 Mozilla CA Store (2019-03-14): FAILED - Certificate is NOT Trusted: ok
416 Windows CA Store (2019-05-27): FAILED - Certificate is NOT Trusted: ok
417 Symantec 2018 Deprecation: OK - Not a Symantec-issued certificate
418 Received Chain: www.nikkeikin.co.jp --> GlobalSign RSA OV SSL CA 2018
419 Verified Chain: ERROR - Could not build verified chain (certificate untrusted?)
420 Received Chain Contains Anchor: ERROR - Could not build verified chain (certificate untrusted?)
421 Received Chain Order: OK - Order is valid
422 Verified Chain contains SHA1: ERROR - Could not build verified chain (certificate untrusted?)
423
424 Extensions
425 OCSP Must-Staple: NOT SUPPORTED - Extension not found
426 Certificate Transparency: WARNING - Only 2 SCTs included but Google recommends 3 or more
427
428 OCSP Stapling
429 NOT SUPPORTED - Server did not send back an OCSP response
430
431 * OpenSSL Heartbleed:
432 OK - Not vulnerable to Heartbleed
433
434 * TLSV1_1 Cipher Suites:
435 Server rejected all cipher suites.
436
437 * Deflate Compression:
438 VULNERABLE - Server supports Deflate compression
439
440 * TLSV1_2 Cipher Suites:
441 Server rejected all cipher suites.
442
443 * Downgrade Attacks:
444 TLS_FALLBACK_SCSV: VULNERABLE - Signaling cipher suite not supported
445
446 * TLS 1.2 Session Resumption Support:
447 With Session IDs: NOT SUPPORTED (0 successful, 5 failed, 0 errors, 5 total attempts).
448 With TLS Tickets: OK - Supported
449
450 * TLSV1 Cipher Suites:
451 Forward Secrecy OK - Supported
452 RC4 INSECURE - Supported
453
454 Preferred:
455 None - Server followed client cipher suite preference.
456 Accepted:
457 TLS_RSA_WITH_RC4_128_SHA 128 bits HTTP 200 OK
458 TLS_RSA_WITH_RC4_128_MD5 128 bits HTTP 200 OK
459 TLS_RSA_WITH_DES_CBC_SHA 56 bits HTTP 200 OK
460 TLS_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 200 OK
461 TLS_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 200 OK
462 TLS_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 200 OK
463 TLS_RSA_EXPORT_WITH_RC4_40_MD5 40 bits HTTP 200 OK
464 TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 40 bits HTTP 200 OK
465 TLS_RSA_EXPORT_WITH_DES40_CBC_SHA 40 bits HTTP 200 OK
466 TLS_DHE_RSA_WITH_DES_CBC_SHA 56 bits HTTP 200 OK
467 TLS_DHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 200 OK
468 TLS_DHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 200 OK
469 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 200 OK
470 TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA 40 bits HTTP 200 OK
471
472 * Session Renegotiation:
473 Client-initiated Renegotiation: OK - Rejected
474 Secure Renegotiation: OK - Supported
475
476 * OpenSSL CCS Injection:
477 OK - Not vulnerable to OpenSSL CCS injection
478
479 * SSLV2 Cipher Suites:
480 Forward Secrecy INSECURE - Not Supported
481 RC4 INSECURE - Supported
482
483 Preferred:
484 None - Server followed client cipher suite preference.
485 Accepted:
486 SSL_CK_RC4_128_WITH_MD5 128 bits HTTP 200 OK
487 SSL_CK_RC4_128_EXPORT40_WITH_MD5 40 bits HTTP 200 OK
488 SSL_CK_RC2_128_CBC_WITH_MD5 128 bits HTTP 200 OK
489 SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5 40 bits HTTP 200 OK
490 SSL_CK_DES_64_CBC_WITH_MD5 56 bits HTTP 200 OK
491 SSL_CK_DES_192_EDE3_CBC_WITH_MD5 112 bits HTTP 200 OK
492
493 * SSLV3 Cipher Suites:
494 Forward Secrecy OK - Supported
495 RC4 INSECURE - Supported
496
497 Preferred:
498 None - Server followed client cipher suite preference.
499 Accepted:
500 TLS_RSA_WITH_RC4_128_SHA 128 bits HTTP 200 OK
501 TLS_RSA_WITH_RC4_128_MD5 128 bits HTTP 200 OK
502 TLS_RSA_WITH_DES_CBC_SHA 56 bits HTTP 200 OK
503 TLS_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 200 OK
504 TLS_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 200 OK
505 TLS_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 200 OK
506 TLS_RSA_EXPORT_WITH_RC4_40_MD5 40 bits HTTP 200 OK
507 TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 40 bits HTTP 200 OK
508 TLS_RSA_EXPORT_WITH_DES40_CBC_SHA 40 bits HTTP 200 OK
509 TLS_DHE_RSA_WITH_DES_CBC_SHA 56 bits HTTP 200 OK
510 TLS_DHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 200 OK
511 TLS_DHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 200 OK
512 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 200 OK
513 TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA 40 bits HTTP 200 OK
514
515 * ROBOT Attack:
516 OK - Not vulnerable
517
518
519 SCAN COMPLETED IN 59.93 S
520 -------------------------
521######################################################################################################################################
522
523Domains still to check: 1
524 Checking if the hostname nikkei-buturyu.co.jp. given is in fact a domain...
525
526Analyzing domain: nikkei-buturyu.co.jp.
527 Checking NameServers using system default resolver...
528 IP: 218.45.235.2 (Japan)
529 HostName: ns.nikkeikin.co.jp Type: NS
530 HostName: ns.nikkeikin.co.jp Type: PTR
531 IP: 61.115.192.18 (Japan)
532 HostName: ns2.iprevolution.co.jp Type: NS
533 HostName: ns2.iprevolution.co.jp Type: PTR
534 IP: 61.195.104.132 (Japan)
535 HostName: ns3.nikkeikin.co.jp Type: NS
536 HostName: ns3.nikkeikin.co.jp Type: PTR
537 IP: 219.101.223.132 (Japan)
538 HostName: ns2.nikkeikin.co.jp Type: NS
539 HostName: ns2.nikkeikin.co.jp Type: PTR
540
541 Checking MailServers using system default resolver...
542 IP: 218.45.235.16 (Japan)
543 HostName: mailgate02.nikkeikin.co.jp Type: MX
544 HostName: mailgate02.nikkeikin.co.jp Type: PTR
545 IP: 61.195.104.133 (Japan)
546 HostName: mailagate01.nikkeikin.co.jp Type: MX
547 HostName: mailagate01.nikkeikin.co.jp Type: PTR
548 IP: 219.101.223.146 (Japan)
549 HostName: mailfgate02.nikkeikin.co.jp Type: MX
550 HostName: mailfgate02.nikkeikin.co.jp Type: PTR
551
552 Checking the zone transfer for each NS... (if this takes more than 10 seconds, just hit CTRL-C and it will continue. Bug in the libs)
553 No zone transfer found on nameserver 218.45.235.2
554 No zone transfer found on nameserver 219.101.223.132
555 No zone transfer found on nameserver 61.195.104.132
556 No zone transfer found on nameserver 61.115.192.18
557
558 Checking SPF record...
559 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 218.45.235.0/27, but only the network IP
560 New IP found: 218.45.235.0
561 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 219.101.223.128/26, but only the network IP
562 New IP found: 219.101.223.128
563 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 61.195.104.128/26, but only the network IP
564 New IP found: 61.195.104.128
565
566 Checking 192 most common hostnames using system default resolver...
567 IP: 219.101.223.158 (Japan)
568 HostName: www.nikkei-buturyu.co.jp. Type: A
569 IP: 219.101.223.158 (Japan)
570 HostName: www.nikkei-buturyu.co.jp. Type: A
571 HostName: www1.nikkei-buturyu.co.jp. Type: A
572 HostName: www1.nikkei-buturyu.co.jp Type: PTR
573
574 Checking with nmap the reverse DNS hostnames of every <ip>/24 netblock using system default resolver...
575 Checking netblock 218.45.235.0
576 Checking netblock 219.101.223.0
577 Checking netblock 61.195.104.0
578 Checking netblock 61.115.192.0
579
580 Searching for nikkei-buturyu.co.jp. emails in Google
581 nlc-saiyou@nikkei-buturyu.co.jp.
582
583 Checking 11 active hosts using nmap... (nmap -sn -n -v -PP -PM -PS80,25 -PA -PY -PU53,40125 -PE --reason <ip> -oA <output_directory>/nmap/<ip>.sn)
584 Host 218.45.235.2 is up (reset ttl 64)
585 Host 219.101.223.132 is up (reset ttl 64)
586 Host 218.45.235.0 is up (reset ttl 64)
587 Host 219.101.223.146 is up (reset ttl 64)
588 Host 61.195.104.133 is up (reset ttl 64)
589 Host 61.195.104.132 is up (reset ttl 64)
590 Host 219.101.223.158 is up (reset ttl 64)
591 Host 61.195.104.128 is up (reset ttl 64)
592 Host 61.115.192.18 is up (reset ttl 64)
593 Host 218.45.235.16 is up (reset ttl 64)
594 Host 219.101.223.128 is up (reset ttl 64)
595
596 Checking ports on every active host using nmap... (nmap -O --reason --webxml --traceroute -sS -sV -sC -Pn -n -v -F <ip> -oA <output_directory>/nmap/<ip>)
597 Scanning ip 218.45.235.2 (ns.nikkeikin.co.jp (PTR)):
598 53/tcp open domain syn-ack ttl 52 ISC BIND
599 Device type: general purpose|storage-misc|router|WAP
600 Running (JUST GUESSING): Linux 2.6.X|3.X|4.X|2.4.X (91%), HP embedded (89%), MikroTik RouterOS 6.X (87%), Asus embedded (85%)
601 Scanning ip 219.101.223.132 (ns2.nikkeikin.co.jp (PTR)):
602 53/tcp open domain syn-ack ttl 47 ISC BIND
603 Scanning ip 218.45.235.0 ():
604 Scanning ip 219.101.223.146 (mailfgate02.nikkeikin.co.jp (PTR)):
605 Scanning ip 61.195.104.133 (mailagate01.nikkeikin.co.jp (PTR)):
606 Scanning ip 61.195.104.132 (ns3.nikkeikin.co.jp (PTR)):
607 53/tcp open domain syn-ack ttl 49 ISC BIND
608 Device type: general purpose|storage-misc|WAP|router
609 Running (JUST GUESSING): Linux 2.6.X|3.X|4.X|2.4.X (91%), HP embedded (89%), Asus embedded (85%), MikroTik RouterOS 6.X (85%)
610 Scanning ip 219.101.223.158 (www1.nikkei-buturyu.co.jp (PTR)):
611 80/tcp open http syn-ack ttl 111 Apache httpd
612 | http-methods:
613 |_ Supported Methods: GET HEAD POST OPTIONS
614 |_http-server-header: Apache
615 |_http-title: Did not follow redirect to https://219.101.223.158/
616 |_https-redirect: ERROR: Script execution failed (use -d to debug)
617 443/tcp open ssl/https? syn-ack ttl 111
618 |_ssl-date: 2019-10-25T00:00:08+00:00; +1m24s from scanner time.
619 | sslv2:
620 | SSLv2 supported
621 | ciphers:
622 | SSL2_DES_64_CBC_WITH_MD5
623 | SSL2_RC4_128_WITH_MD5
624 | SSL2_DES_192_EDE3_CBC_WITH_MD5
625 | SSL2_RC2_128_CBC_WITH_MD5
626 |_clock-skew: 1m23s
627 Scanning ip 61.195.104.128 ():
628 Scanning ip 61.115.192.18 (ns2.iprevolution.co.jp (PTR)):
629 53/tcp open domain syn-ack ttl 50 ISC BIND
630 Device type: general purpose|storage-misc|WAP|broadband router|router|media device
631 Running (JUST GUESSING): Linux 2.6.X|3.X (94%), HP embedded (91%), Ubiquiti embedded (90%), MikroTik RouterOS 6.X (89%), Infomir embedded (89%), Netgear RAIDiator 4.X (89%)
632 Scanning ip 218.45.235.16 (mailgate02.nikkeikin.co.jp (PTR)):
633 Scanning ip 219.101.223.128 ():
634 WebCrawling domain's web servers... up to 50 max links.
635
636 + URL to crawl: http://www.nikkei-buturyu.co.jp.
637 + Date: 2019-10-24
638
639 + Crawling URL: http://www.nikkei-buturyu.co.jp.:
640 + Links:
641 + Crawling http://www.nikkei-buturyu.co.jp. ([SSL: UNSUPPORTED_PROTOCOL] unsupported protocol (_ssl.c:727))
642 + Searching for directories...
643 + Searching open folders...
644
645
646 + URL to crawl: http://www1.nikkei-buturyu.co.jp.
647 + Date: 2019-10-24
648
649 + Crawling URL: http://www1.nikkei-buturyu.co.jp.:
650 + Links:
651 + Crawling http://www1.nikkei-buturyu.co.jp. ([SSL: UNSUPPORTED_PROTOCOL] unsupported protocol (_ssl.c:727))
652 + Searching for directories...
653 + Searching open folders...
654
655--Finished--
656Summary information for domain nikkei-buturyu.co.jp.
657-----------------------------------------
658 Domain Specific Information:
659 Email: nlc-saiyou@nikkei-buturyu.co.jp.
660
661 Domain Ips Information:
662 IP: 218.45.235.2
663 HostName: ns.nikkeikin.co.jp Type: NS
664 HostName: ns.nikkeikin.co.jp Type: PTR
665 Country: Japan
666 Is Active: True (reset ttl 64)
667 Port: 53/tcp open domain syn-ack ttl 52 ISC BIND
668 Script Info: Device type: general purpose|storage-misc|router|WAP
669 Script Info: Running (JUST GUESSING): Linux 2.6.X|3.X|4.X|2.4.X (91%), HP embedded (89%), MikroTik RouterOS 6.X (87%), Asus embedded (85%)
670 IP: 219.101.223.132
671 HostName: ns2.nikkeikin.co.jp Type: NS
672 HostName: ns2.nikkeikin.co.jp Type: PTR
673 Country: Japan
674 Is Active: True (reset ttl 64)
675 Port: 53/tcp open domain syn-ack ttl 47 ISC BIND
676 IP: 218.45.235.0
677 Type: SPF
678 Is Active: True (reset ttl 64)
679 IP: 219.101.223.146
680 HostName: mailfgate02.nikkeikin.co.jp Type: MX
681 HostName: mailfgate02.nikkeikin.co.jp Type: PTR
682 Country: Japan
683 Is Active: True (reset ttl 64)
684 IP: 61.195.104.133
685 HostName: mailagate01.nikkeikin.co.jp Type: MX
686 HostName: mailagate01.nikkeikin.co.jp Type: PTR
687 Country: Japan
688 Is Active: True (reset ttl 64)
689 IP: 61.195.104.132
690 HostName: ns3.nikkeikin.co.jp Type: NS
691 HostName: ns3.nikkeikin.co.jp Type: PTR
692 Country: Japan
693 Is Active: True (reset ttl 64)
694 Port: 53/tcp open domain syn-ack ttl 49 ISC BIND
695 Script Info: Device type: general purpose|storage-misc|WAP|router
696 Script Info: Running (JUST GUESSING): Linux 2.6.X|3.X|4.X|2.4.X (91%), HP embedded (89%), Asus embedded (85%), MikroTik RouterOS 6.X (85%)
697 IP: 219.101.223.158
698 HostName: www.nikkei-buturyu.co.jp. Type: A
699 HostName: www1.nikkei-buturyu.co.jp. Type: A
700 HostName: www1.nikkei-buturyu.co.jp Type: PTR
701 Country: Japan
702 Is Active: True (reset ttl 64)
703 Port: 80/tcp open http syn-ack ttl 111 Apache httpd
704 Script Info: | http-methods:
705 Script Info: |_ Supported Methods: GET HEAD POST OPTIONS
706 Script Info: |_http-server-header: Apache
707 Script Info: |_http-title: Did not follow redirect to https://219.101.223.158/
708 Script Info: |_https-redirect: ERROR: Script execution failed (use -d to debug)
709 Port: 443/tcp open ssl/https? syn-ack ttl 111
710 Script Info: |_ssl-date: 2019-10-25T00:00:08+00:00; +1m24s from scanner time.
711 Script Info: | sslv2:
712 Script Info: | SSLv2 supported
713 Script Info: | ciphers:
714 Script Info: | SSL2_DES_64_CBC_WITH_MD5
715 Script Info: | SSL2_RC4_128_WITH_MD5
716 Script Info: | SSL2_DES_192_EDE3_CBC_WITH_MD5
717 Script Info: | SSL2_RC2_128_CBC_WITH_MD5
718 Script Info: |_clock-skew: 1m23s
719 IP: 61.195.104.128
720 Type: SPF
721 Is Active: True (reset ttl 64)
722 IP: 61.115.192.18
723 HostName: ns2.iprevolution.co.jp Type: NS
724 HostName: ns2.iprevolution.co.jp Type: PTR
725 Country: Japan
726 Is Active: True (reset ttl 64)
727 Port: 53/tcp open domain syn-ack ttl 50 ISC BIND
728 Script Info: Device type: general purpose|storage-misc|WAP|broadband router|router|media device
729 Script Info: Running (JUST GUESSING): Linux 2.6.X|3.X (94%), HP embedded (91%), Ubiquiti embedded (90%), MikroTik RouterOS 6.X (89%), Infomir embedded (89%), Netgear RAIDiator 4.X (89%)
730 IP: 218.45.235.16
731 HostName: mailgate02.nikkeikin.co.jp Type: MX
732 HostName: mailgate02.nikkeikin.co.jp Type: PTR
733 Country: Japan
734 Is Active: True (reset ttl 64)
735 IP: 219.101.223.128
736 Type: SPF
737 Is Active: True (reset ttl 64)
738######################################################################################################################################
739==================================================================================================
740[3/100] http://www.nikkei-buturyu.co.jp/environment/nlc.pdf
741 [x] Error downloading http://www.nikkei-buturyu.co.jp/environment/nlc.pdf
742[4/100] http://www.nikkei-buturyu.co.jp/safety/safety.pdf
743 [x] Error downloading http://www.nikkei-buturyu.co.jp/safety/safety.pdf
744[5/100] http://www.nikkei-buturyu.co.jp/recruitment/pdf/kyujinyamagatad.pdf
745 [x] Error downloading http://www.nikkei-buturyu.co.jp/recruitment/pdf/kyujinyamagatad.pdf
746[6/100] http://www.nikkei-buturyu.co.jp/recruitment/pdf/KYUJINHYOU.pdf
747 [x] Error downloading http://www.nikkei-buturyu.co.jp/recruitment/pdf/KYUJINHYOU.pdf
748[7/100] http://www.nikkei-buturyu.co.jp/recruitment/pdf/kyujinsanuki2.pdf
749 [x] Error downloading http://www.nikkei-buturyu.co.jp/recruitment/pdf/kyujinsanuki2.pdf
750[8/100] http://www.nikkei-buturyu.co.jp/recruitment/pdf/kyujinkoda.pdf
751 [x] Error downloading http://www.nikkei-buturyu.co.jp/recruitment/pdf/kyujinkoda.pdf
752[9/100] http://www.nikkei-buturyu.co.jp/recruitment/pdf/kyujinsoumu.pdf
753 [x] Error downloading http://www.nikkei-buturyu.co.jp/recruitment/pdf/kyujinsoumu.pdf
754[10/100] http://www.nikkei-buturyu.co.jp/recruitment/pdf/kyujinyamagatas.pdf
755 [x] Error downloading http://www.nikkei-buturyu.co.jp/recruitment/pdf/kyujinyamagatas.pdf
756[11/100] http://www.nikkei-buturyu.co.jp/recruitment/pdf/kyujinsapporo.pdf
757 [x] Error downloading http://www.nikkei-buturyu.co.jp/recruitment/pdf/kyujinsapporo.pdf
758[12/100] http://www.nikkei-buturyu.co.jp/recruitment/pdf/unyumanejimento2017.pdf
759 [x] Error downloading http://www.nikkei-buturyu.co.jp/recruitment/pdf/unyumanejimento2017.pdf
760[13/100] http://www.nikkei-buturyu.co.jp/recruitment/pdf/kyujinkanbara.pdf
761 [x] Error downloading http://www.nikkei-buturyu.co.jp/recruitment/pdf/kyujinkanbara.pdf
762[14/100] http://www.nikkei-buturyu.co.jp/recruitment/pdf/kyujinokayama.pdf
763 [x] Error downloading http://www.nikkei-buturyu.co.jp/recruitment/pdf/kyujinokayama.pdf
764[15/100] https://www.nikkei-buturyu.co.jp/recruitment/pdf/unyumanejimento2019.pdf
765 [x] Error downloading https://www.nikkei-buturyu.co.jp/recruitment/pdf/unyumanejimento2019.pdf
766[16/100] http://www.nikkei-buturyu.co.jp/recruitment/pdf/kyujinkaika.pdf
767 [x] Error downloading http://www.nikkei-buturyu.co.jp/recruitment/pdf/kyujinkaika.pdf
768[17/100] http://www.nikkei-buturyu.co.jp/recruitment/pdf/kyujinkannbara3.pdf
769 [x] Error downloading http://www.nikkei-buturyu.co.jp/recruitment/pdf/kyujinkannbara3.pdf
770[18/100] http://www.nikkei-buturyu.co.jp/recruitment/pdf/kyujineigyou.pdf
771 [x] Error downloading http://www.nikkei-buturyu.co.jp/recruitment/pdf/kyujineigyou.pdf
772[19/100] http://www.nikkei-buturyu.co.jp/recruitment/pdf/unyumanejimento2018.pdf
773 [x] Error downloading http://www.nikkei-buturyu.co.jp/recruitment/pdf/unyumanejimento2018.pdf
774[20/100] http://www.nikkei-buturyu.co.jp/recruitment/pdf/UNYUMANEJIMENTO2016.pdf
775 [x] Error downloading http://www.nikkei-buturyu.co.jp/recruitment/pdf/UNYUMANEJIMENTO2016.pdf
776[21/100] http://www.nikkei-buturyu.co.jp/news/pdf/sosikikaisei2018.pdf
777 [x] Error downloading http://www.nikkei-buturyu.co.jp/news/pdf/sosikikaisei2018.pdf
778[22/100] http://www.nikkei-buturyu.co.jp/news/pdf/sosikihenkou201804.pdf
779 [x] Error downloading http://www.nikkei-buturyu.co.jp/news/pdf/sosikihenkou201804.pdf
780[23/100] http://www.nikkei-buturyu.co.jp/recruitment/pdf/kankyohozen2016.pdf
781 [x] Error downloading http://www.nikkei-buturyu.co.jp/recruitment/pdf/kankyohozen2016.pdf
782[24/100] https://www.nikkei-buturyu.co.jp/recruitment/pdf/hozennitaisurutorikumi2019.pdf
783 [x] Error downloading https://www.nikkei-buturyu.co.jp/recruitment/pdf/hozennitaisurutorikumi2019.pdf
784[25/100] http://www.nikkei-buturyu.co.jp/recruitment/pdf/kankyouhozen.pdf
785 [x] Error downloading http://www.nikkei-buturyu.co.jp/recruitment/pdf/kankyouhozen.pdf
786[26/100] http://www.nikkei-buturyu.co.jp/news/pdf/organization.pdf
787 [x] Error downloading http://www.nikkei-buturyu.co.jp/news/pdf/organization.pdf
788[27/100] https://www.nikkei-buturyu.co.jp/news/pdf/souritukinenaisatu.pdf
789 [x] Error downloading https://www.nikkei-buturyu.co.jp/news/pdf/souritukinenaisatu.pdf
790[28/100] http://www.nikkei-buturyu.co.jp/news/pdf/sosikihenko.pdf
791 [x] Error downloading http://www.nikkei-buturyu.co.jp/news/pdf/sosikihenko.pdf
792[29/100] http://www.nikkei-buturyu.co.jp/recruitment/pdf/kankyouhozen2018.pdf
793######################################################################################################################################
1185Processed queries: 1919
1186Received packets: 8269
1187Progress: 100.00% (00 h 00 min 23 sec / 00 h 00 min 23 sec)
1188Current incoming rate: 3 pps, average: 358 pps
1189Current success rate: 0 pps, average: 83 pps
1190Finished total: 1918, success: 1918 (100.00%)
1191Mismatched domains: 5638 (68.64%), IDs: 0 (0.00%)
1192Failures: 0: 2.87%, 1: 7.61%, 2: 8.29%, 3: 7.30%, 4: 8.19%, 5: 6.67%, 6: 8.50%, 7: 3.70%, 8: 3.91%, 9: 4.07%, 10: 2.92%, 11: 3.60%, 12: 4.28%, 13: 2.87%, 14: 2.19%, 15: 1.72%, 16: 2.71%, 17: 2.14%, 18: 1.41%, 19: 2.09%, 20: 1.56%, 21: 1.20%, 22: 0.89%, 23: 0.52%, 24: 0.42%, 25: 0.36%, 26: 0.63%, 27: 0.68%, 28: 0.52%, 29: 0.68%, 30: 0.57%, 31: 0.52%, 32: 0.83%, 33: 1.30%, 34: 0.73%, 35: 0.42%, 36: 0.42%, 37: 0.42%, 38: 0.16%, 39: 0.10%, 40: 0.00%, 41: 0.00%, 42: 0.05%, 43: 0.00%, 44: 0.00%, 45: 0.05%, 46: 0.00%, 47: 0.00%, 48: 0.00%, 49: 0.00%, 50: 0.00%,
1193Response: | Success: | Total:
1194OK: | 1381 ( 72.00%) | 4303 ( 52.39%)
1195NXDOMAIN: | 453 ( 23.62%) | 1481 ( 18.03%)
1196SERVFAIL: | 84 ( 4.38%) | 265 ( 3.23%)
1197REFUSED: | 0 ( 0.00%) | 2163 ( 26.33%)
1198FORMERR: | 0 ( 0.00%) | 0 ( 0.00%)
1199
1200
1201
1202Processed queries: 1919
1203Received packets: 8277
1204Progress: 100.00% (00 h 00 min 24 sec / 00 h 00 min 24 sec)
1205Current incoming rate: 7 pps, average: 344 pps
1206Current success rate: 0 pps, average: 79 pps
1207Finished total: 1918, success: 1918 (100.00%)
1208Mismatched domains: 5646 (68.67%), IDs: 0 (0.00%)
1209Failures: 0: 2.87%, 1: 7.61%, 2: 8.29%, 3: 7.30%, 4: 8.19%, 5: 6.67%, 6: 8.50%, 7: 3.70%, 8: 3.91%, 9: 4.07%, 10: 2.92%, 11: 3.60%, 12: 4.28%, 13: 2.87%, 14: 2.19%, 15: 1.72%, 16: 2.71%, 17: 2.14%, 18: 1.41%, 19: 2.09%, 20: 1.56%, 21: 1.20%, 22: 0.89%, 23: 0.52%, 24: 0.42%, 25: 0.36%, 26: 0.63%, 27: 0.68%, 28: 0.52%, 29: 0.68%, 30: 0.57%, 31: 0.52%, 32: 0.83%, 33: 1.30%, 34: 0.73%, 35: 0.42%, 36: 0.42%, 37: 0.42%, 38: 0.16%, 39: 0.10%, 40: 0.00%, 41: 0.00%, 42: 0.05%, 43: 0.00%, 44: 0.00%, 45: 0.00%, 46: 0.00%, 47: 0.05%, 48: 0.00%, 49: 0.00%, 50: 0.00%,
1210Response: | Success: | Total:
1211OK: | 1381 ( 72.00%) | 4305 ( 52.36%)
1212NXDOMAIN: | 453 ( 23.62%) | 1483 ( 18.04%)
1213SERVFAIL: | 84 ( 4.38%) | 267 ( 3.25%)
1214REFUSED: | 0 ( 0.00%) | 2165 ( 26.33%)
1215FORMERR: | 0 ( 0.00%) | 0 ( 0.00%)
1216
1217
1218
1219Processed queries: 1919
1220Received packets: 8281
1221Progress: 100.00% (00 h 00 min 25 sec / 00 h 00 min 25 sec)
1222Current incoming rate: 3 pps, average: 330 pps
1223Current success rate: 0 pps, average: 76 pps
1224Finished total: 1918, success: 1918 (100.00%)
1225Mismatched domains: 5650 (68.68%), IDs: 0 (0.00%)
1226Failures: 0: 2.87%, 1: 7.61%, 2: 8.29%, 3: 7.30%, 4: 8.19%, 5: 6.67%, 6: 8.50%, 7: 3.70%, 8: 3.91%, 9: 4.07%, 10: 2.92%, 11: 3.60%, 12: 4.28%, 13: 2.87%, 14: 2.19%, 15: 1.72%, 16: 2.71%, 17: 2.14%, 18: 1.41%, 19: 2.09%, 20: 1.56%, 21: 1.20%, 22: 0.89%, 23: 0.52%, 24: 0.42%, 25: 0.36%, 26: 0.63%, 27: 0.68%, 28: 0.52%, 29: 0.68%, 30: 0.57%, 31: 0.52%, 32: 0.83%, 33: 1.30%, 34: 0.73%, 35: 0.42%, 36: 0.42%, 37: 0.42%, 38: 0.16%, 39: 0.10%, 40: 0.00%, 41: 0.00%, 42: 0.05%, 43: 0.00%, 44: 0.00%, 45: 0.00%, 46: 0.00%, 47: 0.00%, 48: 0.00%, 49: 0.05%, 50: 0.00%,
1227Response: | Success: | Total:
1228OK: | 1381 ( 72.00%) | 4306 ( 52.35%)
1229NXDOMAIN: | 453 ( 23.62%) | 1483 ( 18.03%)
1230SERVFAIL: | 84 ( 4.38%) | 269 ( 3.27%)
1231REFUSED: | 0 ( 0.00%) | 2166 ( 26.33%)
1232FORMERR: | 0 ( 0.00%) | 0 ( 0.00%)
1233
1234
1235
1236Processed queries: 1919
1237Received packets: 8281
1238Progress: 100.00% (00 h 00 min 25 sec / 00 h 00 min 25 sec)
1239Current incoming rate: 0 pps, average: 329 pps
1240Current success rate: 0 pps, average: 76 pps
1241Finished total: 1919, success: 1918 (99.95%)
1242Mismatched domains: 5650 (68.68%), IDs: 0 (0.00%)
1243Failures: 0: 2.87%, 1: 7.61%, 2: 8.29%, 3: 7.30%, 4: 8.18%, 5: 6.67%, 6: 8.49%, 7: 3.70%, 8: 3.91%, 9: 4.06%, 10: 2.92%, 11: 3.60%, 12: 4.27%, 13: 2.87%, 14: 2.19%, 15: 1.72%, 16: 2.71%, 17: 2.14%, 18: 1.41%, 19: 2.08%, 20: 1.56%, 21: 1.20%, 22: 0.89%, 23: 0.52%, 24: 0.42%, 25: 0.36%, 26: 0.63%, 27: 0.68%, 28: 0.52%, 29: 0.68%, 30: 0.57%, 31: 0.52%, 32: 0.83%, 33: 1.30%, 34: 0.73%, 35: 0.42%, 36: 0.42%, 37: 0.42%, 38: 0.16%, 39: 0.10%, 40: 0.00%, 41: 0.00%, 42: 0.05%, 43: 0.00%, 44: 0.00%, 45: 0.00%, 46: 0.00%, 47: 0.00%, 48: 0.00%, 49: 0.00%, 50: 0.05%,
1244Response: | Success: | Total:
1245OK: | 1381 ( 72.00%) | 4306 ( 52.35%)
1246NXDOMAIN: | 453 ( 23.62%) | 1483 ( 18.03%)
1247SERVFAIL: | 84 ( 4.38%) | 269 ( 3.27%)
1248REFUSED: | 0 ( 0.00%) | 2166 ( 26.33%)
1249FORMERR: | 0 ( 0.00%) | 0 ( 0.00%)
1250www1.nikkei-buturyu.co.jp
1251wwwgames.nikkei-buturyu.co.jp
1252www.nikkei-buturyu.co.jp
1253www1.nikkei-buturyu.co.jp.
1254219.101.223.158
125591.207.40.254
1256######################################################################################################################################
1257[+] www.nikkei-buturyu.co.jp has no SPF record!
1258[*] No DMARC record found. Looking for organizational record
1259[+] No organizational DMARC record
1260[+] Spoofing possible for www.nikkei-buturyu.co.jp!
1261#####################################################################################################################################
1262Starting Nmap 7.80 ( https://nmap.org ) at 2019-10-24 21:05 EDT
1263Nmap scan report for www.nikkei-buturyu.co.jp (219.101.223.158)
1264Host is up (0.33s latency).
1265rDNS record for 219.101.223.158: www1.nikkei-buturyu.co.jp
1266Not shown: 995 filtered ports, 3 closed ports
1267Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
1268PORT STATE SERVICE
126980/tcp open http
1270443/tcp open https
1271
1272Nmap done: 1 IP address (1 host up) scanned in 23.78 seconds
1273#####################################################################################################################################
1274Starting Nmap 7.80 ( https://nmap.org ) at 2019-10-24 21:05 EDT
1275Nmap scan report for www.nikkei-buturyu.co.jp (219.101.223.158)
1276Host is up (0.11s latency).
1277rDNS record for 219.101.223.158: www1.nikkei-buturyu.co.jp
1278Not shown: 2 filtered ports
1279PORT STATE SERVICE
128053/udp open|filtered domain
128167/udp open|filtered dhcps
128268/udp open|filtered dhcpc
128369/udp open|filtered tftp
128488/udp open|filtered kerberos-sec
1285123/udp open|filtered ntp
1286139/udp open|filtered netbios-ssn
1287161/udp open|filtered snmp
1288162/udp open|filtered snmptrap
1289389/udp open|filtered ldap
1290500/udp open|filtered isakmp
1291520/udp open|filtered route
12922049/udp open|filtered nfs
1293
1294Nmap done: 1 IP address (1 host up) scanned in 3.23 seconds
1295####################################################################################################################################
1296HTTP/1.1 302 Found
1297Date: Fri, 25 Oct 2019 01:06:57 GMT
1298Server: Apache
1299Location: https://www.nikkei-buturyu.co.jp/
1300Content-Type: text/html; charset=iso-8859-1
1301#####################################################################################################################################
1302Starting Nmap 7.80 ( https://nmap.org ) at 2019-10-24 21:06 EDT
1303NSE: Loaded 163 scripts for scanning.
1304NSE: Script Pre-scanning.
1305Initiating NSE at 21:06
1306Completed NSE at 21:06, 0.00s elapsed
1307Initiating NSE at 21:06
1308Completed NSE at 21:06, 0.00s elapsed
1309Initiating Parallel DNS resolution of 1 host. at 21:06
1310Completed Parallel DNS resolution of 1 host. at 21:06, 0.02s elapsed
1311Initiating SYN Stealth Scan at 21:06
1312Scanning www.nikkei-buturyu.co.jp (219.101.223.158) [1 port]
1313Discovered open port 80/tcp on 219.101.223.158
1314Completed SYN Stealth Scan at 21:06, 0.38s elapsed (1 total ports)
1315Initiating Service scan at 21:06
1316Scanning 1 service on www.nikkei-buturyu.co.jp (219.101.223.158)
1317Completed Service scan at 21:06, 6.73s elapsed (1 service on 1 host)
1318Initiating OS detection (try #1) against www.nikkei-buturyu.co.jp (219.101.223.158)
1319Retrying OS detection (try #2) against www.nikkei-buturyu.co.jp (219.101.223.158)
1320Initiating Traceroute at 21:06
1321Completed Traceroute at 21:06, 3.42s elapsed
1322Initiating Parallel DNS resolution of 13 hosts. at 21:06
1323Completed Parallel DNS resolution of 13 hosts. at 21:06, 0.35s elapsed
1324NSE: Script scanning 219.101.223.158.
1325Initiating NSE at 21:06
1326Completed NSE at 21:07, 89.85s elapsed
1327Initiating NSE at 21:07
1328Completed NSE at 21:07, 2.11s elapsed
1329Nmap scan report for www.nikkei-buturyu.co.jp (219.101.223.158)
1330Host is up (0.39s latency).
1331rDNS record for 219.101.223.158: www1.nikkei-buturyu.co.jp
1332
1333PORT STATE SERVICE VERSION
133480/tcp open http Apache httpd
1335| http-brute:
1336|_ Path "/" does not require authentication
1337|_http-chrono: Request times for /; avg: 1221.19ms; min: 1148.74ms; max: 1306.06ms
1338|_http-csrf: Couldn't find any CSRF vulnerabilities.
1339|_http-date: Fri, 25 Oct 2019 01:08:06 GMT; +1m24s from local time.
1340|_http-devframework: Couldn't determine the underlying framework or CMS. Try increasing 'httpspider.maxpagecount' value to spider more pages.
1341|_http-dombased-xss: Couldn't find any DOM based XSS.
1342|_http-drupal-enum: Nothing found amongst the top 100 resources,use --script-args number=<number|all> for deeper analysis)
1343|_http-errors: Couldn't find any error pages.
1344|_http-feed: Couldn't find any feeds.
1345|_http-fetch: Please enter the complete path of the directory to save data in.
1346| http-headers:
1347| Date: Fri, 25 Oct 2019 01:08:11 GMT
1348| Server: Apache
1349| Location: https://www.nikkei-buturyu.co.jp/
1350| Content-Length: 217
1351| Connection: close
1352| Content-Type: text/html; charset=iso-8859-1
1353|
1354|_ (Request type: GET)
1355|_http-jsonp-detection: Couldn't find any JSONP endpoints.
1356| http-methods:
1357|_ Supported Methods: GET HEAD POST OPTIONS
1358|_http-mobileversion-checker: No mobile version detected.
1359|_http-passwd: ERROR: Script execution failed (use -d to debug)
1360|_http-security-headers:
1361|_http-server-header: Apache
1362| http-sitemap-generator:
1363| Directory structure:
1364| Longest directory structure:
1365| Depth: 0
1366| Dir: /
1367| Total files found (by extension):
1368|_
1369|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
1370|_http-title: Did not follow redirect to https://www.nikkei-buturyu.co.jp/
1371| http-vhosts:
1372|_127 names had status 302
1373|_http-wordpress-enum: Nothing found amongst the top 100 resources,use --script-args search-limit=<number|all> for deeper analysis)
1374|_http-wordpress-users: [Error] Wordpress installation was not found. We couldn't find wp-login.php
1375|_http-xssed: No previously reported XSS vuln.
1376|_https-redirect: ERROR: Script execution failed (use -d to debug)
1377| vulscan: VulDB - https://vuldb.com:
1378| [141649] Apache OFBiz up to 16.11.05 Form Widget Freemarker Markup Code Execution
1379| [141648] Apache OFBiz up to 16.11.05 Application Stored cross site scripting
1380| [140386] Apache Commons Beanutils 1.9.2 BeanIntrospector unknown vulnerability
1381| [139708] Apache Ranger up to 1.2.0 Policy Import cross site scripting
1382| [139540] cPanel up to 60.0.24 Apache HTTP Server Key information disclosure
1383| [139386] Apache Tike up to 1.21 RecursiveParserWrapper Stack-based memory corruption
1384| [139385] Apache Tika 1.19/1.20/1.21 SAXParsers Hang denial of service
1385| [139384] Apache Tika up to 1.21 RecursiveParserWrapper ZIP File denial of service
1386| [139261] Apache Solr 8.2.0 DataImportHandler Parameter unknown vulnerability
1387| [139259] cPanel up to 68.0.26 WHM Apache Includes Editor information disclosure
1388| [139256] cPanel up to 68.0.26 WHM Apache Configuration Include Editor cross site scripting
1389| [139239] cPanel up to 70.0.22 Apache HTTP Server Log information disclosure
1390| [139141] Apache ActiveMQ Client up to 5.15.4 ActiveMQConnection.java ActiveMQConnection denial of service
1391| [139130] cPanel up to 73.x Apache HTTP Server Injection privilege escalation
1392| [138914] Venustech Apache VCL 2.1/2.2/2.3/2.4/2.5 VM sql injection
1393| [138913] Venustech Apache VCL 2.1/2.2/2.3/2.4/2.5 Block Argument privilege escalation
1394| [138912] Venustech Apache VCL 2.1/2.2/2.3/2.4/2.5 Cookie sql injection
1395| [138816] Apache Storm up to 1.2.2 Logviewer Daemon Log information disclosure
1396| [138815] Apache Storm up to 1.2.2 UI Daemon Deserialization privilege escalation
1397| [138164] Oracle 2.7.0.1 Apache Log4j unknown vulnerability
1398| [138155] Oracle Agile Engineering Data Management 6.2.0/6.2.1 Apache Tomcat unknown vulnerability
1399| [138151] Oracle Transportation Management 6.3.7 Apache Tomcat unknown vulnerability
1400| [138149] Oracle Agile Engineering Data Management 6.2.0/6.2.1 Apache Commons FileUpload unknown vulnerability
1401| [138131] Oracle MICROS Retail XBRi Loss Prevention 10.8.0/10.8.1/10.8.2/10.8.3 Apache Tomcat unknown vulnerability
1402| [138129] Oracle Retail Xstore Point of Service 7.0/7.1 Apache HTTP Server denial of service
1403| [138123] Oracle Retail Order Management System 5.0 Apache Struts 1 unknown vulnerability
1404| [138122] Oracle Retail Order Broker 5.2/15.0 Apache Tomcat unknown vulnerability
1405| [138121] Oracle Retail Order Broker 5.2/15.0 Apache CXF unknown vulnerability
1406| [138112] Oracle Retail Integration Bus 15.0/16.0 Apache Commons FileUpload unknown vulnerability
1407| [138111] Oracle MICROS Retail XBRi Loss Prevention 10.8.0/10.8.1/10.8.2/10.8.3 Apache Commons FileUpload unknown vulnerability
1408| [138103] Oracle PeopleSoft Enterprise PeopleTools 8.55/8.56/8.57 Apache WSS4J information disclosure
1409| [138053] Oracle JD Edwards EnterpriseOne Tools 9.2 Apache Log4j unknown vulnerability
1410| [138036] Oracle Insurance Rules Palette 10.0/10.1/10.2/11.0 Apache Commons FileUpload unknown vulnerability
1411| [138035] Oracle Insurance Policy Administration J2EE 10.0/10.1/10.2/11.0 Apache Commons FileUpload unknown vulnerability
1412| [138034] Oracle Insurance Calculation Engine 9.7/10.0/10.1/10.2 Apache Commons FileUpload unknown vulnerability
1413| [138028] Oracle Identity Manager 11.1.2.3.0/12.2.1.3.0 Apache Log4j unknown vulnerability
1414| [138020] Oracle BI Publisher 11.1.1.9.0 Apache Tomcat unknown vulnerability
1415| [138019] Oracle BI Publisher (formerly XML Publisher) 11.1.1.9.0 Apache Tomcat unknown vulnerability
1416| [138017] Oracle Outside In Technology 8.5.4 Apache Commons FileUpload unknown vulnerability
1417| [138013] Oracle Outside In Technology 8.5.4 Apache Tomcat unknown vulnerability
1418| [138012] Oracle Outside In Technology 8.5.4 Apache HTTP Server unknown vulnerability
1419| [138009] Oracle Outside In Technology 8.5.4 Apache HTTP Server unknown vulnerability
1420| [138008] Oracle WebLogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0 Apache Struts 1 denial of service
1421| [138007] Oracle WebCenter Sites 12.2.1.3.0 Apache Tomcat denial of service
1422| [138006] Oracle Enterprise Repository 12.1.3.0.0 Apache CXF denial of service
1423| [138000] Oracle WebCenter Sites 12.2.1.3.0 Apache Commons FileUpload unknown vulnerability
1424| [137999] Oracle WebLogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0 Apache Commons FileUpload unknown vulnerability
1425| [137995] Oracle Hospitality Simphony 18.2.1 Apache WSS4J information disclosure
1426| [137987] Oracle FLEXCUBE Universal Banking up to 12.0.3/12.4.0/14.2.0 Apache Log4j unknown vulnerability
1427| [137981] Oracle Insurance IFRS 17 Analyzer 8.0.6/8.0.7 Apache Commons FileUpload unknown vulnerability
1428| [137980] Oracle Insurance Data Foundation 8.0.4/8.0.5/8.0.6/8.0.7 Apache Commons FileUpload unknown vulnerability
1429| [137979] Oracle 8.0.8 Apache Commons FileUpload unknown vulnerability
1430| [137973] Oracle 8.0.4/8.0.5/8.0.6/8.0.7 Apache Batik unknown vulnerability
1431| [137970] Oracle Financial Services Profitability Management 8.0.4/8.0.5/8.0.6/8.0.7 Apache ActiveMQ unknown vulnerability
1432| [137967] Oracle up to 8.0.7 Apache httpd unknown vulnerability
1433| [137966] Oracle 8.0.7/8.0.8 Apache Groovy unknown vulnerability
1434| [137965] Oracle Financial Services Liquidity Risk Management 8.0.1/8.0.2/8.0.4/8.0.5/8.0.6 Apache Commons FileUpload unknown vulnerability
1435| [137964] Oracle 8.0.4/8.0.5/8.0.6/8.0.7 Apache Log4j unknown vulnerability
1436| [137933] Oracle Banking Platform up to 2.7.1 Apache Tika unknown vulnerability
1437| [137926] Oracle Enterprise Manager for Fusion Middleware 13.2/13.3 Apache Commons FileUpload information disclosure
1438| [137924] Oracle Enterprise Manager Base Platform 12.1.0.5.0/13.2.0.0.0/13.3.0.0.0 Apache Commons FileUpload unknown vulnerability
1439| [137914] Oracle E-Business Suite up to 12.2.8 Apache ActiveMQ unknown vulnerability
1440| [137913] Oracle E-Business Suite up to 12.2.8 Apache ActiveMQ unknown vulnerability
1441| [137911] Oracle E-Business Suite up to 12.2.8 Apache HTTP Server unknown vulnerability
1442| [137910] Oracle E-Business Suite up to 12.2.8 Apache CXF information disclosure
1443| [137909] Oracle E-Business Suite up to 12.2.8 Apache Commons FileUpload unknown vulnerability
1444| [137905] Oracle Primavera Gateway 15.2/16.2/17.12/18.8 Apache Tika denial of service
1445| [137901] Oracle Primavera Unifier up to 18.8 Apache HTTP Server unknown vulnerability
1446| [137895] Oracle Instant Messaging Server 10.0.1.2.0 Apache Tika information disclosure
1447| [137894] Oracle EAGLE (Software) 46.5/46.6/46.7 Apache Tomcat information disclosure
1448| [137892] Oracle Online Mediation Controller 6.1 Apache Batik denial of service
1449| [137891] Oracle Interactive Session Recorder 6.0/6.1/6.2 Apache Tomcat unknown vulnerability
1450| [137885] Oracle Diameter Signaling Router (DSR) 8.0/8.1/8.2 Apache cxf unknown vulnerability
1451| [137882] Oracle Unified 8.0.0.2.0 Apache Commons FileUpload unknown vulnerability
1452| [137881] Oracle Online Mediation Controller 6.1 Apache Commons FileUpload unknown vulnerability
1453| [137880] Oracle Interactive Session Recorder 6.0/6.1/6.2 Apache Log4j unknown vulnerability
1454| [137879] Oracle Convergence 3.0.2 Apache Commons FileUpload unknown vulnerability
1455| [137876] Oracle Application Session Controller 3.7.1/3.8.0 Apache Commons FileUpload unknown vulnerability
1456| [137829] Apache Roller 5.2.3 Math Comment Authenticator Reflected cross site scripting
1457| [137736] Apache Kafka 0.11.0.0/2.1.0 ACL Validation Request privilege escalation
1458| [136858] MakerBot Replicator 5G Printer Apache HTTP Server information disclosure
1459| [136849] Analogic Poste.io 2.1.6 on Apache RoundCube logs/ information disclosure
1460| [136822] Apache Tomcat up to 8.5.40/9.0.19 Incomplete Fix CVE-2019-0199 Resource Exhaustion denial of service
1461| [136808] Apache Geode up to 1.8.0 Secure Mode privilege escalation
1462| [136646] Apache Allura up to 1.10.x Dropdown Selector Stored cross site scripting
1463| [136374] Apache HTTP Server up to 2.4.38 Slash Regular Expression unknown vulnerability
1464| [136373] Apache HTTP Server 2.4.34/2.4.35/2.4.36/2.4.37/2.4.38 HTTP2 Request Crash denial of service
1465| [136372] Apache HTTP Server up to 2.4.38 HTTP2 Request unknown vulnerability
1466| [136370] Apache Fineract up to 1.2.x sql injection
1467| [136369] Apache Fineract up to 1.2.x sql injection
1468| [135731] Apache Hadoop up to 2.8.4/2.9.1/3.1.0 yarn privilege escalation
1469| [135664] Apache Tomcat up to 7.0.93/8.5.39/9.0.0.17 SSI printenv Command cross site scripting
1470| [135663] Apache Camel up to 2.23.x JSON-lib Library XML Data XML External Entity
1471| [135661] Apache Roller up to 5.2.1/5.2.0 XML-RPC Interface XML File Server-Side Request Forgery
1472| [135402] Apache Zookeeper up to 3.4.13/3.5.0-alpha to 3.5.4-beta getACL() information disclosure
1473| [135270] Apache JSPWiki up to 2.11.0.M3 Plugin Link cross site scripting
1474| [135269] Apache JSPWiki up to 2.11.0.M3 InterWiki Link cross site scripting
1475| [135268] Apache JSPWiki up to 2.11.0.M3 Attachment cross site scripting
1476| [134527] Apache Karaf up to 4.2.4 Config Service directory traversal
1477| [134416] Apache Sanselan 0.97-incubator Loop denial of service
1478| [134415] Apache Sanselan 0.97-incubator Hang denial of service
1479| [134291] Apache Axis up to 1.7.8 Server-Side Request Forgery
1480| [134290] Apache UIMA DUCC up to 2.2.2 cross site scripting
1481| [134248] Apache Archiva up to 2.2.3 Artifact Upload directory traversal
1482| [134247] Apache Archiva up to 2.2.3 Artifact Upload directory traversal
1483| [134246] Apache Camel up to 2.19/2.21.3/2.22.2/2.23.0 directory traversal
1484| [134138] Apache Pluto 3.0.0/3.0.1 Chat Room Demo Portlet cross site scripting
1485| [133992] Apache Qpid Proton up to 0.27.0 Certificate Validation Man-in-the-Middle weak authentication
1486| [133977] Apache Zeppelin up to 0.7.x Stored cross site scripting
1487| [133976] Apache Zeppelin up to 0.7.x Cron Scheduler privilege escalation
1488| [133975] Apache Zeppelin up to 0.7.2 Session Fixation weak authentication
1489| [133444] Apache PDFbox 2.0.14 XML Parser XML External Entity
1490| [133573] Oracle FLEXCUBE Private Banking 2.0.0.0/2.2.0.1/12.0.1.0/12.0.3.0/12.1.0.0 Apache ActiveMQ unknown vulnerability
1491| [133407] Apache Tomcat up to 7.0.93/8.5.39/9.0.17 on Windows JRE Command Line Argument Code Execution
1492| [133315] Apache Airflow up to 1.10.2 HTTP Endpoint cross site request forgery
1493| [133314] Apache Airflow up to 1.10.2 Metadata Database cross site scripting
1494| [133290] Apache Tomcat up to 8.5.37/9.0.14 HTTP2 Stream Execution denial of service
1495| [133112] Apache HTTP Server up to 2.4.38 mod_auth_digest race condition privilege escalation
1496| [133111] Apache HTTP Server 2.4.37/2.4.38 mod_ssl Bypass privilege escalation
1497| [133092] Airsonic 10.2.1 org.apache.commons.lang.RandomStringUtils RecoverController.java java.util.Random weak authentication
1498| [132568] Apache JSPWiki up to 2.11.0.M2 URL User information disclosure
1499| [132567] Apache JSPWiki up to 2.11.0.M2 URL cross site scripting
1500| [132566] Apache ActiveMQ up to 5.15.8 MQTT Frame Memory denial of service
1501| [132565] Apache HBase up to 2.1.3 REST Server Request privilege escalation
1502| [132183] Apache Mesos up to pre-1.4.x Docker Image Code Execution
1503| [131988] Apache Karaf up to 4.2.2 kar Deployer directory traversal
1504| [131859] Apache Hadoop up to 2.9.1 privilege escalation
1505| [131479] Apache Solr up to 7.6 HTTP GET Request Server-Side Request Forgery
1506| [131446] Apache Solr up to 5.0.5/6.6.5 Config API HTTP POST Request Code Execution
1507| [131385] Apache Qpid Broker-J up to 6.x/7.0.6/7.1.0 AMQP Command Crash denial of service
1508| [131315] Apache Mesos up to pre-1.4.x Mesos Masters Rendering JSON Payload Recursion denial of service
1509| [131236] Apache Airflow up to 1.10.1 Metadata Database cross site scripting
1510| [130755] Apache JSPWiki up to 2.10.5 URL cross site scripting
1511| [130629] Apache Guacamole Cookie Flag weak encryption
1512| [130628] Apache Hadoop up to 3.0.0 HDFS information disclosure
1513| [130529] Apache Subversion 1.10.0/1.10.1/1.10.2/1.10.3/1.11.0 mod_dav_svn Directory Crash denial of service
1514| [130353] Apache Open Office up to 4.1.5 Document Loader String memory corruption
1515| [130341] Apache HTTP Server 2.4.37 mod_ssl Loop denial of service
1516| [130330] Apache HTTP Server up to 2.4.37 mod_session Expired privilege escalation
1517| [130329] Apache HTTP Server 2.4.37 mod_http2 Slowloris denial of service
1518| [130212] Apache Airflow up to 1.10.0 LDAP Auth Backend Certificate weak authentication
1519| [130123] Apache Airflow up to 1.8.2 information disclosure
1520| [130122] Apache Airflow up to 1.8.2 command injection cross site request forgery
1521| [130121] Apache Airflow up to 1.8.2 Webserver Object Code Execution
1522| [129717] Oracle Secure Global Desktop 5.4 Apache HTTP Server denial of service
1523| [129688] Oracle Tape Library ACSLS 8.4 Apache Log4j unknown vulnerability
1524| [129673] Oracle Retail Returns Management 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
1525| [129672] Oracle Retail Central Office 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
1526| [129671] Oracle Retail Back Office 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
1527| [129574] Oracle Outside In Technology 8.5.3/8.5.4 Apache Tomcat denial of service
1528| [129573] Oracle WebLogic Server 10.3.6.0 Apache HTTP Server denial of service
1529| [129563] Oracle Enterprise Repository 12.1.3.0.0 Apache Log4j unknown vulnerability
1530| [129555] Oracle Outside In Technology 8.5.3 Apache Batik denial of service
1531| [129551] Oracle Outside In Technology 8.5.3/8.5.4 Apache Commons FileUpload denial of service
1532| [129542] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
1533| [129538] Oracle SOA Suite 12.1.3.0.0/12.2.1.3.0 Apache Batik unknown vulnerability
1534| [129519] Oracle Enterprise Manager Ops Center 12.2.2/12.3.3 Apache ActiveMQ unknown vulnerability
1535| [129508] Oracle Applications Manager up to 12.2.8 Apache Derby unknown vulnerability
1536| [129507] Oracle Mobile Field Service up to 12.2.8 Apache Log4j unknown vulnerability
1537| [129505] Oracle Email Center up to 12.2.8 Apache Log4j unknown vulnerability
1538| [129504] Oracle CRM Technical Foundation up to 12.2.8 Apache Commons FileUpload unknown vulnerability
1539| [129499] Oracle Partner Management up to 12.2.8 Apache Log4j unknown vulnerability
1540| [129498] Oracle Marketing up to 12.2.8 Apache Commons FileUpload unknown vulnerability
1541| [129480] Oracle Communications WebRTC Session Controller up to 7.1 Apache Batik unknown vulnerability
1542| [129479] Oracle Communications Diameter Signaling Router up to 8.2 Apache Batik unknown vulnerability
1543| [129474] Oracle Communications Diameter Signaling Router up to 8.2 Apache HTTP Server information disclosure
1544| [129472] Oracle Communications WebRTC Session Controller up to 7.1 Apache Struts 1 unknown vulnerability
1545| [129470] Oracle Communications Converged Application Server up to 7.0.0.0 Apache Struts 1 unknown vulnerability
1546| [129463] Oracle Communications WebRTC Session Controller up to 7.1 Apache Log4j unknown vulnerability
1547| [129461] Oracle Communications Services Gatekeeper up to 6.1.0.3.x Apache Commons Collections Fileupload unknown vulnerability
1548| [129460] Oracle Communications Service Broker 6.0 Apache Log4j unknown vulnerability
1549| [129459] Oracle Communications Policy Management up to 12.4 Apache Struts 2 unknown vulnerability
1550| [129458] Oracle Communications Online Mediation Controller 6.1 Apache Log4j unknown vulnerability
1551| [129457] Oracle Communications Diameter Signaling Router up to 8.2 Apache Commons Fileupload unknown vulnerability
1552| [129456] Oracle Communications Converged Application Server 6.1 Apache Log4j unknown vulnerability
1553| [128714] Apache Thrift Java Client Library up to 0.11.0 SASL Negotiation org.apache.thrift.transport.TSaslTransport unknown vulnerability
1554| [128713] Apache Thrift Node.js Static Web Server up to 0.11.0 directory traversal
1555| [128709] Apache Karaf up to 4.1.6/4.2.1 Features Deployer XMLInputFactory XML External Entity
1556| [128575] Apache NetBeans 9.0 Proxy Auto-Config Code Execution
1557| [128369] Apache Tika 1.8-1.19.1 SQLite3Parser Loop sql injection
1558| [128111] Apache NiFi 1.8.0 Template Upload Man-in-the-Middle cross site request forgery
1559| [128110] Apache NiFi 1.8.0 Cluster Request privilege escalation
1560| [128109] Apache NiFi 1.8.0 Error Page message-page.jsp Request Header cross site scripting
1561| [128108] Apache NiFi up to 1.7.x X-Frame-Options Header privilege escalation
1562| [128102] Apache Oozie up to 5.0.0 Workflow XML Impersonation spoofing
1563| [127994] WordPress up to 5.0.0 on Apache httpd MIME Restriction cross site scripting
1564| [127981] Apache OFBiz 16.11.01/16.11.02/16.11.03/16.11.04 HTTP Engine httpService GET Request privilege escalation
1565| [127161] Apache Hadoop 2.7.4/2.7.5/2.7.6 Incomplete Fix CVE-2016-6811 privilege escalation
1566| [127040] Loadbalancer.org Enterprise VA MAX up to 8.3.2 Apache HTTP Server Log cross site scripting
1567| [127007] Apache Spark Request Code Execution
1568| [126791] Apache Hadoop up to 0.23.11/2.7.6/2.8.4/2.9.1/3.0.2 ZIP File unknown vulnerability
1569| [126767] Apache Qpid Proton-J Transport 0.3 Certificate Verification Man-in-the-Middle weak authentication
1570| [126896] Apache Commons FileUpload 1.3.3 on LDAP Manager DiskFileItem File privilege escalation
1571| [126574] Apache Hive up to 2.3.3/3.1.0 Query privilege escalation
1572| [126573] Apache Hive up to 2.3.3/3.1.0 HiveServer2 privilege escalation
1573| [126564] Apache Superset up to 0.22 Pickle Library load Code Execution
1574| [126488] Apache Syncope up to 2.0.10/2.1.1 BPMN Definition xxe privilege escalation
1575| [126487] Apache Syncope up to 2.0.10/2.1.1 cross site scripting
1576| [126346] Apache Tomcat Path privilege escalation
1577| [125922] Apache Impala up to 3.0.0 ALTER privilege escalation
1578| [125921] Apache Impala up to 3.0.0 Queue Injection privilege escalation
1579| [125647] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Install (Apache Tomcat) information disclosure
1580| [125617] Oracle Retail Returns Management 14.1 Apache Batik unknown vulnerability
1581| [125616] Oracle Retail Point-of-Service 13.4/14.0/14.1 Apache Batik unknown vulnerability
1582| [125614] Oracle Retail Central Office 14.1 Apache Batik unknown vulnerability
1583| [125613] Oracle Retail Back Office 13.3/13.4/14/14.1 Apache Batik unknown vulnerability
1584| [125599] Oracle Retail Open Commerce Platform 5.3.0/6.0.0/6.0.1 Apache Log4j unknown vulnerability
1585| [125569] Oracle PeopleSoft Enterprise PeopleTools 8.55/8.56 Apache HTTP Server information disclosure
1586| [125494] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat information disclosure
1587| [125447] Oracle Business Intelligence Enterprise Edition 11.1.1.7.0/11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Apache Batik unknown vulnerability
1588| [125428] Oracle Identity Management Suite 11.1.2.3.0/12.2.1.3.0 Apache Log4j unknown vulnerability
1589| [125427] Oracle Identity Analytics 11.1.1.5.8 Apache Log4j unknown vulnerability
1590| [125424] Oracle API Gateway 11.1.2.4.0 Apache Log4j unknown vulnerability
1591| [125423] Oracle BI Publisher 11.1.1.7.0/11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Apache Log4j unknown vulnerability
1592| [125383] Oracle up to 10.2.0 Apache Trinidad unknown vulnerability
1593| [125379] Oracle up to 10.1.x Apache Struts 1 cross site scripting
1594| [125377] Oracle up to 10.2.0 Apache Commons Collections unknown vulnerability
1595| [125376] Oracle Communications Application Session Controller up to 3.7.0 Apache Commons Collections unknown vulnerability
1596| [125375] Oracle Communications User Data Repository up to 12.1.x Apache Xerces memory corruption
1597| [125248] Apache ActiveMQ up to 5.15.5 Web-based Administration Console queue.jsp Parameter cross site scripting
1598| [125133] Apache Tika up to 1.19 XML Parser reset() denial of service
1599| [124877] Apache PDFbox up to 2.0.11 PDF File denial of service
1600| [124876] Apache Ranger up to 1.1.x UnixAuthenticationService Stack-based memory corruption
1601| [124791] Apache Tomcat up to 7.0.90/8.5.33/9.0.11 URL Open Redirect
1602| [124787] Apache Pony Mail 0.7/0.8/0.9 Statistics Generator Timestamp Data information disclosure
1603| [124447] Apache HTTP Server up to 2.4.34 SETTINGS Frame denial of service
1604| [124346] Apache Mesos pre-1.4.2/1.5.0/1.5.1/1.6.0 on Executor HTTP API String Comparison validation JSON Web Token information disclosure
1605| [124286] Apache Tika up to 1.18 IptcAnpaParser Loop denial of service
1606| [124242] Apache Tika up to 0.18 C:/evil.bat" Directory unknown vulnerability
1607| [124241] Apache Tika up to 0.18 XML Parser Entity Expansion denial of service
1608| [124191] Apache Karaf up to 3.0.8/4.0.8/4.1.0 WebConsole .../gogo/ weak authentication
1609| [124190] Apache Karaf up to 4.1.x sshd privilege escalation
1610| [124152] Apache Camel Mail up to 2.22.0 Path directory traversal
1611| [124143] Apache SpamAssassin up to 3.4.1 PDFInfo Plugin Code Execution
1612| [124134] Apache SpamAssassin up to 3.4.1 Scan Engine HTML::Parser Email denial of service
1613| [124095] PHP up to 5.6.37/7.0.31/7.1.21/7.2.9 Apache2 sapi_apache2.c php_handler cross site scripting
1614| [124024] Apache Mesos 1.4.x/1.5.0 libprocess JSON Payload denial of service
1615| [123814] Apache ActiveMQ Client up to 5.15.5 TLS Hostname Verification Man-in-the-Middle weak authentication
1616| [123393] Apache Traffic Server up to 6.2.2/7.1.3 ESI Plugin Config privilege escalation
1617| [123392] Apache Traffic Server 6.2.2 TLS Handshake Segmentation Fault denial of service
1618| [123391] Apache Traffic Server up to 6.2.2/7.1.3 Range Request Performance denial of service
1619| [123390] Apache Traffic Server up to 6.2.2/7.1.3 Request HTTP Smuggling privilege escalation
1620| [123369] Apache Traffic Server up to 6.2.2/7.1.3 ACL remap.config Request denial of service
1621| [123197] Apache Sentry up to 2.0.0 privilege escalation
1622| [123145] Apache Struts up to 2.3.34/2.5.16 Namespace Code Execution
1623| [123144] Apache Cayenne up to 4.1.M1 CayenneModeler XML File File Transfer privilege escalation
1624| [122981] Apache Commons Compress 1.7 ZipArchiveInputStream ZIP Archive denial of service
1625| [122889] Apache HTTP Server up to 2.2.31/2.4.23 mod_userdir HTTP Response Splitting privilege escalation
1626| [122800] Apache Spark 1.3.0 REST API weak authentication
1627| [122642] Apache Airflow up to 1.8.x 404 Page Reflected cross site scripting
1628| [122568] Apache Tomcat up to 8.5.31/9.0.9 Connection Reuse weak authentication
1629| [122567] Apache Axis 1.0./1.1/1.2/1.3/1.4 cross site scripting
1630| [122556] Apache Tomcat up to 7.0.86/8.0.51/8.5.30/9.0.7 UTF-8 Decoder Loop denial of service
1631| [122531] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.9 WebSocket Client unknown vulnerability
1632| [122456] Apache Camel up to 2.20.3/2.21.0 XSD Validator XML External Entity
1633| [122455] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Revoked Certificate weak authentication
1634| [122454] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Responder Revoked Certificate weak authentication
1635| [122214] Apache Kafka up to 0.9.0.1/0.10.2.1/0.11.0.2/1.0.0 Broker Request Data Loss denial of service
1636| [122202] Apache Kafka up to 0.10.2.1/0.11.0.1 SASL Impersonation spoofing
1637| [122101] Docker Skeleton Runtime for Apache OpenWhisk Docker Action dockerskeleton:1.3.0 privilege escalation
1638| [122100] PHP Runtime for Apache OpenWhisk Docker Action action-php-v7.2:1.0.0 privilege escalation
1639| [122012] Apache Ignite up to 2.5 Serialization privilege escalation
1640| [121911] Apache Ambari up to 2.5.x/2.6.2 Log Message Credentials information disclosure
1641| [121910] Apache HTTP Server 2.4.33 mod_md HTTP Requests denial of service
1642| [121854] Oracle Tape Library ACSLS up to ACSLS 8.4.0-2 Apache Commons Collections unknown vulnerability
1643| [121752] Oracle Insurance Policy Administration 10.0/10.1/10.2/11.0 Apache Log4j unknown vulnerability
1644| [121370] Apache Spark up to 2.1.2/2.2.1/2.3.0 URL cross site scripting
1645| [121354] Apache CouchDB HTTP API Code Execution
1646| [121144] Apache LDAP API up to 1.0.1 SSL Filter information disclosure
1647| [121143] Apache Storm up to 0.10.2/1.0.6/1.1.2/1.2.1 Cluster privilege escalation
1648| [120436] Apache CXF Fediz up to 1.4.3 Application Plugin unknown vulnerability
1649| [120310] Apache PDFbox up to 1.8.14/2.0.10 AFMParser Loop denial of service
1650| [120168] Apache CXF weak authentication
1651| [120080] Apache Cassandra up to 3.11.1 JMX/RMI Interface RMI Request privilege escalation
1652| [120043] Apache HBase up to 1.2.6.0/1.3.2.0/1.4.4/2.0.0 Thrift 1 API Server weak authentication
1653| [119723] Apache Qpid Broker-J 7.0.0/7.0.1/7.0.2/7.0.3/7.0.4 AMQP Messages Crash denial of service
1654| [122569] Apache HTTP Server up to 2.4.33 HTTP2 Request denial of service
1655| [119486] Apache Geode up to 1.4.0 Security Manager Code Execution
1656| [119306] Apache MXNet Network Interface privilege escalation
1657| [118999] Apache Storm up to 1.0.6/1.1.2/1.2.1 Archive directory traversal
1658| [118996] Apache Storm up to 1.0.6/1.1.2/1.2.1 Daemon spoofing
1659| [118644] Apple macOS up to 10.13.5 apache_mod_php unknown vulnerability
1660| [118200] Apache Batik up to 1.9 Deserialization unknown vulnerability
1661| [118143] Apache NiFi activemq-client Library Deserialization denial of service
1662| [118142] Apache NiFi 1.6.0 SplitXML xxe privilege escalation
1663| [118051] Apache Zookeeper up to 3.4.9/3.5.3-beta weak authentication
1664| [117997] Apache ORC up to 1.4.3 ORC File Recursion denial of service
1665| [117825] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.8 CORS Filter privilege escalation
1666| [117405] Apache Derby up to 10.14.1.0 Network Server Network Packet privilege escalation
1667| [117347] Apache Ambari up to 2.6.1 HTTP Request directory traversal
1668| [117265] LibreOffice/Apache Office Writer SMB Connection XML Document information disclosure
1669| [117143] Apache uimaj/uima-as/uimaFIT/uimaDUCC XML XXE information disclosure
1670| [117117] Apache Tika up to 1.17 ChmParser Loop denial of service
1671| [117116] Apache Tika up to 1.17 BPGParser Loop denial of service
1672| [117115] Apache Tika up to 1.17 tika-server command injection
1673| [116929] Apache Fineract getReportType Parameter privilege escalation
1674| [116928] Apache Fineract REST Endpoint Parameter privilege escalation
1675| [116927] Apache Fineract MakercheckersApiResource Parameter sql injection
1676| [116926] Apache Fineract REST Parameter privilege escalation
1677| [116574] Apache wicket-jquery-ui up to 6.29.0/7.10.1/8.0.0-M9.1 WYSIWYG Editor privilege escalation
1678| [116622] Oracle Enterprise Manager for MySQL Database 12.1.0.4 EM Plugin: General (Apache Tomcat) unknown vulnerability
1679| [115931] Apache Solr up to 6.6.2/7.2.1 XML Data Parameter XML External Entity
1680| [115883] Apache Hive up to 2.3.2 privilege escalation
1681| [115882] Apache Hive up to 2.3.2 xpath_short information disclosure
1682| [115881] Apache DriverHive JDBC Driver up to 2.3.2 Escape Argument Bypass privilege escalation
1683| [115518] Apache Ignite 2.3 Deserialization privilege escalation
1684| [115260] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache cross site scripting
1685| [115259] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache Cookie Stack-based memory corruption
1686| [115500] CA Workload Control Center up to r11.4 SP5 Apache MyFaces Component Code Execution
1687| [115121] Apache Struts REST Plugin up to 2.5.15 Xstream XML Data denial of service
1688| [115061] Apache HTTP Server up to 2.4.29 HTTP Digest Authentication Challenge HTTP Requests Replay privilege escalation
1689| [115060] Apache HTTP Server up to 2.4.29 mod_cache_socache Request Header Crash denial of service
1690| [115059] Apache HTTP Server up to 2.4.29 HTTP2 NULL Pointer Dereference denial of service
1691| [115058] Apache HTTP Server up to 2.4.29 HTTP Header Crash denial of service
1692| [115057] Apache HTTP Server up to 2.4.29 mod_session Variable Name Cache privilege escalation
1693| [115039] Apache HTTP Server up to 2.4.29 FilesMatch File Upload privilege escalation
1694| [115038] Apache HTTP Server up to 2.0.65/2.2.34/2.4.29 mod_authnz_ldap Crash denial of service
1695| [114817] Apache Syncope up to 1.2.10/2.0.7 Search Parameter information disclosure
1696| [114816] Apache Syncope up to 1.2.10/2.0.7 XSLT Code Execution
1697| [114717] Apache Commons 1.11/1.12/1.13/1.14/1.15 ZIP Archive ZipFile/ZipArchiveInputStream denial of service
1698| [114661] Apache Allura up to 1.8.0 HTTP Response Splitting privilege escalation
1699| [114400] Apache Tomcat JK ISAPI Connector up to 1.2.42 IIS/ISAPI privilege escalation
1700| [114258] Apache HTTP Server up to 2.4.22 mod_cluster Segmentation Fault denial of service
1701| [114086] Apache ODE 1.3.3 ODE Process Deployment Web Service directory traversal
1702| [113955] Apache Xerces-C up to 3.2.0 XML Parser NULL Pointer Dereference denial of service
1703| [113945] Apache Tomcat up to 7.0.84/8.0.49/8.5.27/9.0.4 URL Pattern Empty String privilege escalation
1704| [113944] Apache OpenMeetings up to 3.x/4.0.1 CRUD Operation denial of service
1705| [113905] Apache Traffic Server up to 5.2.x/5.3.2/6.2.0/7.0.0 TLS Handshake Core Dump denial of service
1706| [113904] Apache Traffic Server up to 6.2.0 Host Header privilege escalation
1707| [113895] Apache Geode up to 1.3.x Code Execution
1708| [113894] Apache Geode up to 1.3.x TcpServer Code Execution
1709| [113888] Apache James Hupa WebMail 0.0.2 cross site scripting
1710| [113813] Apache Geode Cluster up to 1.3.x Secure Mode privilege escalation
1711| [113747] Apache Tomcat Servlets privilege escalation
1712| [113647] Apache Qpid up to 0.30 qpidd Broker AMQP Message Crash denial of service
1713| [113645] Apache VCL up to 2.1/2.2.1/2.3.1 Web GUI/XMLRPC API privilege escalation
1714| [113560] Apache jUDDI Console 3.0.0 Log Entries spoofing
1715| [113571] Apache Oozie up to 4.3.0/5.0.0-beta1 XML Data XML File privilege escalation
1716| [113569] Apache Karaf up to 4.0.7 LDAPLoginModule LDAP injection denial of service
1717| [113273] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
1718| [113198] Apache Qpid Dispatch Router 0.7.0/0.8.0 AMQP denial of service
1719| [113186] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
1720| [113145] Apache Thrift up to 0.9.3 Go Client Library privilege escalation
1721| [113106] Apache jUDDI up to 3.3.3 XML Data WADL2Java/WSDL2Java XML Document privilege escalation
1722| [113105] Apache Qpid Broker-J 7.0.0 AMQP Crash denial of service
1723| [112885] Apache Allura up to 1.8.0 File information disclosure
1724| [112856] Apache CloudStack up to 4.8.1.0/4.9.0.0 API weak authentication
1725| [112855] Apache CloudStack 4.1.0/4.1.1 API information disclosure
1726| [112678] Apache Tomcat up to 7.0.82/8.0.47/8.5.23/9.0.1 Bug Fix 61201 privilege escalation
1727| [112677] Apache Tomcat Native Connector up to 1.1.34/1.2.14 OCSP Checker Client weak authentication
1728| [112625] Apache POI up to 3.16 Loop denial of service
1729| [112448] Apache NiFi up to 1.3.x Deserialization privilege escalation
1730| [112396] Apache Hadoop 2.7.3/2.7.4 YARN NodeManager Credentials information disclosure
1731| [112339] Apache NiFi 1.5.0 Header privilege escalation
1732| [112330] Apache NiFi 1.5.0 Header HTTP Request privilege escalation
1733| [112314] NetGain Enterprise Manager 7.2.730 Build 1034 org.apache.jsp.u.jsp.tools.exec_jsp Servlet Parameter privilege escalation
1734| [112253] Apache Hadoop up to 0.23.x/2.7.4/2.8.2 MapReduce Job History Server Configuration File privilege escalation
1735| [112171] Oracle Secure Global Desktop 5.3 Apache Log4j privilege escalation
1736| [112164] Oracle Agile PLM 9.3.5/9.3.6 Apache Tomcat unknown vulnerability
1737| [112161] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Tomcat privilege escalation
1738| [112158] Oracle Autovue for Agile Product Lifecycle Management 21.0.0/21.0.1 Apache Log4j privilege escalation
1739| [112156] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Log4j privilege escalation
1740| [112155] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Apache Log4j privilege escalation
1741| [112137] Oracle MICROS Relate CRM Software 10.8.x/11.4.x/15.0.x, Apache Tomcat unknown vulnerability
1742| [112136] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat privilege escalation
1743| [112133] Oracle Retail Workforce Management 1.60.7/1.64.0 Apache Log4j privilege escalation
1744| [112129] Oracle Retail Assortment Planning 14.1.3/15.0.3/16.0.1 Apache Log4j privilege escalation
1745| [112114] Oracle 9.1 Apache Log4j privilege escalation
1746| [112113] Oracle 9.1 Apache Log4j privilege escalation
1747| [112045] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat privilege escalation
1748| [112038] Oracle Health Sciences Empirica Inspections 1.0.1.1 Apache Tomcat information disclosure
1749| [112019] Oracle Endeca Information Discovery Integrator 3.1.0/3.2.0 Apache Tomcat privilege escalation
1750| [112017] Oracle WebCenter Portal 11.1.1.9.0/12.2.1.2.0/12.2.1.3.0 Apache Struts 1 cross site scripting
1751| [112011] Oracle Identity Manager 11.1.2.3.0 Apache Commons Collections privilege escalation
1752| [111950] Oracle Database 12.2.0.1 Apache Tomcat information disclosure
1753| [111703] Apache Sling XSS Protection API 1.0.4 URL Encoding cross site scripting
1754| [111556] Apache Geode up to 1.2.x Secure Mode Parameter OQL privilege escalation
1755| [111555] Apache Geode up to 1.2.x Secure Mode OQL privilege escalation
1756| [111540] Apache Geode up to 1.2.x Secure Mode information disclosure
1757| [111519] Apache Sling JCR ContentLoader 2.1.4 xmlreader directory traversal
1758| [111338] Apache DeltaSpike-JSF 1.8.0 cross site scripting
1759| [111330] Apache OFBiz 16.11.01/16.11.02/16.11.03 BIRT Plugin cross site scripting
1760| [110789] Apache Sling up to 1.4.0 Authentication Service Credentials information disclosure
1761| [110785] Apache Drill up to 1.11.0 Query Page unknown vulnerability
1762| [110701] Apache Fineract Query Parameter sql injection
1763| [110484] Apache Synapse up to 3.0.0 Apache Commons Collections Serialized Object Code Injection privilege escalation
1764| [110426] Adobe Experience Manager 6.0/6.1/6.2/6.3 Apache Sling Servlets Post cross site scripting
1765| [110141] Apache Struts up to 2.5.14 REST Plugin denial of service
1766| [110140] Apache Qpid Broker-J up to 0.32 privilege escalation
1767| [110139] Apache Qpid Broker-J up to 6.1.4 AMQP Frame denial of service
1768| [110106] Apache CXF Fediz Spring cross site request forgery
1769| [109766] Apache OpenOffice up to 4.1.3 DOC File Parser WW8Fonts memory corruption
1770| [109750] Apache OpenOffice up to 4.1.3 DOC File Parser ImportOldFormatStyles memory corruption
1771| [109749] Apache OpenOffice up to 4.1.3 PPT File Parser PPTStyleSheet memory corruption
1772| [109606] October CMS Build 412 Apache Configuration File Upload privilege escalation
1773| [109419] Apache Camel up to 2.19.3/2.20.0 camel-castor Java Object Deserialization privilege escalation
1774| [109418] Apache Camel up to 2.19.3/2.20.0 camel-hessian Java Object Deserialization privilege escalation
1775| [109400] Apache CouchDB up to 1.6.x/2.1.0 Database Server Shell privilege escalation
1776| [109399] Apache CouchDB up to 1.6.x/2.1.0 JSON Parser Shell privilege escalation
1777| [109398] Apache CXF 3.1.14/3.2.1 JAX-WS/JAX-RS Attachment denial of service
1778| [108872] Apache Hive up to 2.1.1/2.2.0/2.3.0 Policy Enforcement privilege escalation
1779| [108939] Apple macOS up to 10.13.1 apache unknown vulnerability
1780| [108938] Apple macOS up to 10.13.1 apache denial of service
1781| [108937] Apple macOS up to 10.13.1 apache unknown vulnerability
1782| [108936] Apple macOS up to 10.13.1 apache unknown vulnerability
1783| [108935] Apple macOS up to 10.13.1 apache denial of service
1784| [108934] Apple macOS up to 10.13.1 apache unknown vulnerability
1785| [108933] Apple macOS up to 10.13.1 apache unknown vulnerability
1786| [108932] Apple macOS up to 10.13.1 apache unknown vulnerability
1787| [108931] Apple macOS up to 10.13.1 apache denial of service
1788| [108930] Apple macOS up to 10.13.1 apache unknown vulnerability
1789| [108929] Apple macOS up to 10.13.1 apache denial of service
1790| [108928] Apple macOS up to 10.13.1 apache unknown vulnerability
1791| [108797] Apache Struts up to 2.3.19 TextParseUtiltranslateVariables OGNL Expression privilege escalation
1792| [108795] Apache Traffic Server up to 5.3.0 HTTP2 set_dynamic_table_size memory corruption
1793| [108794] Apache WSS4J up to 1.6.16/2.0.1 Incomplete Fix Leak information disclosure
1794| [108793] Apache Qpid up to 0.30 qpidd Crash denial of service
1795| [108792] Apache Traffic Server up to 5.1.0 Access Restriction privilege escalation
1796| [108791] Apache Wicket up to 1.5.11/6.16.x/7.0.0-M2 Session information disclosure
1797| [108790] Apache Storm 0.9.0.1 Log Viewer directory traversal
1798| [108789] Apache Cordova In-App-Browser Standalone Plugin up to 0.3.1 on iOS CDVInAppBrowser privilege escalation
1799| [108788] Apache Cordova File-Transfer Standalone Plugin up to 0.4.1 on iOS ios/CDVFileTransfer.m spoofing
1800| [108787] Apache HttpClient up to 4.3.0 HttpClientBuilder.java unknown vulnerability
1801| [108786] Apache Wicket up to 1.4.21/1.5.9/6.3.x script Tag cross site scripting
1802| [108783] Apache Hadoop up to 0.23.3/1.0.3/2.0.1 Kerberos Security Feature Key weak encryption
1803| [108782] Apache Xerces2 XML Service denial of service
1804| [108781] Apache jUDDI up to 1.x happyjuddi.jsp Parameter cross site scripting
1805| [108780] Apache jUDDI up to 1.x Log File uddiget.jsp spoofing
1806| [108709] Apache Cordova Android up to 3.7.1/4.0.1 intent URL privilege escalation
1807| [108708] Apache ActiveMQ up to 5.10.0 XML Data XML External Entity
1808| [108707] Apache ActiveMQ up to 1.7.0 XML Data XML External Entity
1809| [108629] Apache OFBiz up to 10.04.01 privilege escalation
1810| [108543] Apache Derby 10.1.2.1/10.2.2.0/10.3.1.4/10.4.1.3 Export File privilege escalation
1811| [108312] Apache HTTP Server on RHEL IP Address Filter privilege escalation
1812| [108297] Apache NiFi up to 0.7.1/1.1.1 Proxy Chain Username Deserialization privilege escalation
1813| [108296] Apache NiFi up to 0.7.1/1.1.1 Cluster Request privilege escalation
1814| [108250] Oracle Secure Global Desktop 5.3 Apache HTTP Server memory corruption
1815| [108245] Oracle Transportation Management up to 6.3.7 Apache Tomcat unknown vulnerability
1816| [108244] Oracle Transportation Management 6.4.1/6.4.2 Apache Commons FileUpload denial of service
1817| [108243] Oracle Agile Engineering Data Management 6.1.3/6.2.0 Apache Commons Collections memory corruption
1818| [108222] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Batik denial of service
1819| [108219] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat unknown vulnerability
1820| [108217] Oracle Retail Store Inventory Management 13.2.9/14.0.4/14.1.3/15.0.1/16.0.1 Apache Groovy unknown vulnerability
1821| [108216] Oracle Retail Convenience and Fuel POS Software 2.1.132 Apache Groovy unknown vulnerability
1822| [108169] Oracle MySQL Enterprise Monitor up to 3.2.8.2223/3.3.4.3247/3.4.2.4181 Apache Tomcat unknown vulnerability
1823| [108113] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Batik denial of service
1824| [108107] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat unknown vulnerability
1825| [108102] Oracle Healthcare Master Person Index 4.x Apache Groovy unknown vulnerability
1826| [108085] Oracle Identity Manager 11.1.2.3.0 Apache Struts 1 memory corruption
1827| [108083] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
1828| [108080] Oracle GlassFish Server 3.1.2 Apache Commons FileUpload denial of service
1829| [108066] Oracle Management Pack for GoldenGate 11.2.1.0.12 Apache Tomcat memory corruption
1830| [108062] Oracle BI Publisher 11.1.1.7.0/12.2.1.1.0/12.2.1.2.0 Apache ActiveMQ memory corruption
1831| [108060] Oracle Enterprise Manager Ops Center 12.2.2/12.3.2 Apache Groovy unknown vulnerability
1832| [108033] Oracle Primavera Unifier 9.13/9.14/10.x/15.x/16.x, Apache Groovy unknown vulnerability
1833| [108013] Oracle Communications WebRTC Session Controller 7.0/7.1/7.2 Apache Groovy unknown vulnerability
1834| [108011] Oracle Communications Services Gatekeeper 5.1/6.0 Apache Trinidad unknown vulnerability
1835| [107904] Apache Struts up to 2.3.28 Double OGNL Evaluation privilege escalation
1836| [107860] Apache Solr up to 7.0 Apache Lucene RunExecutableListener XML External Entity
1837| [107834] Apache Ranger up to 0.6.1 Change Password privilege escalation
1838| [107639] Apache NiFi 1.4.0 XML External Entity
1839| [107606] Apache ZooKeper up to 3.4.9/3.5.2 Command CPU Exhaustion denial of service
1840| [107597] Apache Roller up to 5.0.2 XML-RPC Protocol Support XML External Entity
1841| [107429] Apache Impala up to 2.9.x Kudu Table privilege escalation
1842| [107411] Apache Tomcat up to 7.0.81/8.0.46/8.5.22/9.0.0 JSP File File Upload privilege escalation
1843| [107385] Apache Geode up to 1.2.0 Secure Mode privilege escalation
1844| [107339] Apache OpenNLP up to 1.5.3/1.6.0/1.7.2/1.8.1 XML Data XML External Entity
1845| [107333] Apache Wicket up to 8.0.0-M1 CSRF Prevention HTTP Header privilege escalation
1846| [107323] Apache Wicket 1.5.10/6.13.0 Class Request information disclosure
1847| [107310] Apache Geode up to 1.2.0 Command Line Utility Query privilege escalation
1848| [107276] ArcSight ESM/ArcSight ESM Express up to 6.9.1c Patch 3/6.11.0 Apache Tomcat Version information disclosure
1849| [107266] Apache Tika up to 1.12 XML Parser XML External Entity
1850| [107262] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
1851| [107258] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
1852| [107197] Apache Xerces Jelly Parser XML File XML External Entity
1853| [107193] ZTE NR8950 Apache Commons Collections RMI Request Deserialization privilege escalation
1854| [107084] Apache Struts up to 2.3.19 cross site scripting
1855| [106877] Apache Struts up to 2.0.33/2.5.10 Freemarker Tag privilege escalation
1856| [106875] Apache Struts up to 2.5.5 URL Validator denial of service
1857| [106874] Apache Struts up to 2.3.30 Convention Plugin directory traversal
1858| [106847] Apache Tomcat up to 7.0.80 VirtualDirContext Source information disclosure
1859| [106846] Apache Tomcat up to 7.0.79 on Windows HTTP PUT Method Parameter File Upload privilege escalation
1860| [106777] Apache HTTP Server up to 2.2.34/2.4.27 Limit Directive ap_limit_section HTTP Request information disclosure
1861| [106739] puppetlabs-apache up to 1.11.0/2.0.x weak authentication
1862| [106720] Apache Wicket up to 1.5.12/6.18.x/7.0.0-M4 CryptoMapper privilege escalation
1863| [106586] Apache Brooklyn up to 0.9.x REST Server cross site scripting
1864| [106562] Apache Spark up to 2.1.1 Launcher API Deserialization privilege escalation
1865| [106559] Apache Brooklyn up to 0.9.x SnakeYAML YAML Data Java privilege escalation
1866| [106558] Apache Brooklyn up to 0.9.x REST Server cross site request forgery
1867| [106556] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
1868| [106555] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
1869| [106171] Apache Directory LDAP API up to 1.0.0-M30 Timing unknown vulnerability
1870| [106167] Apache Struts up to 2.5.12 REST Plugin XML Data privilege escalation
1871| [106166] Apache Struts up to 2.3.33/2.5.12 REST Plugin denial of service
1872| [106165] Apache Struts up to 2.3.33/2.5.12 URLValidator Regex CPU Exhaustion denial of service
1873| [106115] Apache Hadoop up to 2.6.4/2.7.2 YARN NodeManager Password information disclosure
1874| [106012] Apache Solr up to 5.5.3/6.4.0 Replication directory traversal
1875| [105980] Apache Engine 16.11.01 Parameter Reflected unknown vulnerability
1876| [105962] Apache Atlas 0.6.0/0.7.0 Frame cross site scripting
1877| [105961] Apache Atlas 0.6.0/0.7.0 Stack Trace information disclosure
1878| [105960] Apache Atlas 0.6.0/0.7.0 Search Reflected cross site scripting
1879| [105959] Apache Atlas 0.6.0/0.7.0 edit Tag DOM cross site scripting
1880| [105958] Apache Atlas 0.6.0/0.7.0 edit Tag Stored cross site scripting
1881| [105957] Apache Atlas 0.6.0/0.7.0 Cookie privilege escalation
1882| [105905] Apache Atlas 0.6.0/0.7.0/0.7.1 /js privilege escalation
1883| [105878] Apache Struts up to 2.3.24.0 privilege escalation
1884| [105682] Apache2Triad 1.5.4 phpsftpd/users.php Parameter cross site scripting
1885| [105681] Apache2Triad 1.5.4 phpsftpd/users.php Request cross site request forgery
1886| [105680] Apache2Triad 1.5.4 Parameter Session Fixation weak authentication
1887| [105643] Apache Pony Mail up to 0.8b weak authentication
1888| [105288] Apache Sling up to 2.3.21 Sling.evalString() String cross site scripting
1889| [105219] Apache Tomcat up to 8.5.15/9.0.0.M21 HTTP2 Bypass directory traversal
1890| [105218] Apache Tomcat up to 7.0.78/8.0.44/8.5.15/9.0.0.M21 CORS Filter Cache Poisoning privilege escalation
1891| [105215] Apache CXF up to 3.0.12/3.1.9 OAuth2 Hawk/JOSE MAC Validation Timing unknown vulnerability
1892| [105206] Apache CXF up to 3.0.11/3.1.8 JAX-RS Module XML External Entity
1893| [105205] Apache CXF up to 3.0.11/3.1.8 HTTP Transport Module Parameter cross site scripting
1894| [105202] Apache Storm 1.0.0/1.0.1/1.0.2/1.0.3/1.1.0 Worker privilege escalation
1895| [104987] Apache Xerces-C++ XML Service CPU Exhaustion denial of service
1896| [104986] Apache CXF 2.4.5/2.5.1 WS-SP UsernameToken Policy SOAP Request weak authentication
1897| [104985] Apache MyFaces Core up to 2.1.4 EL Expression Parameter Injection information disclosure
1898| [104983] Apache Wink up to 1.1.1 XML Document xxe privilege escalation
1899| [104981] Apache Commons Email 1.0/1.1/1.2/1.3/1.4 Subject Linebreak SMTP privilege escalation
1900| [104591] MEDHOST Document Management System Apache Solr Default Credentials weak authentication
1901| [104062] Oracle MySQL Enterprise Monitor up to 3.3.3.1199 Apache Tomcat unknown vulnerability
1902| [104061] Oracle MySQL Enterprise Monitor up to 3.2.7.1204/3.3.3.1199 Apache Tomcat unknown vulnerability
1903| [104060] Oracle MySQL Enterprise Monitor up to 3.1.5.7958/3.2.5.1141/3.3.2.1162 Apache Struts 2 unknown vulnerability
1904| [103995] Oracle 8.3/8.4/15.1/15.2 Apache Trinidad unknown vulnerability
1905| [103993] Oracle Policy Automation up to 12.2.3 Apache Commons FileUplaod denial of service
1906| [103916] Oracle Banking Platform 2.3/2.4/2.4.1/2.5 Apache Commons FileUpload denial of service
1907| [103906] Oracle Communications BRM 11.2.0.0.0 Apache Commons Collections privilege escalation
1908| [103904] Oracle Communications BRM 11.2.0.0.0/11.3.0.0.0 Apache Groovy memory corruption
1909| [103866] Oracle Transportation Management 6.1/6.2 Apache Webserver unknown vulnerability
1910| [103816] Oracle BI Publisher 11.1.1.9.0/12.2.1.1.0/12.2.1.2.0 Apache Commons Fileupload denial of service
1911| [103797] Oracle Tuxedo System and Applications Monitor Apache Commons Collections privilege escalation
1912| [103792] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Commons Fileupload privilege escalation
1913| [103791] Oracle Endeca Server 7.6.0.0/7.6.1.0 Apache Commons Collections privilege escalation
1914| [103788] Oracle Enterprise Repository 11.1.1.7.0/12.1.3.0.0 Apache ActiveMQ memory corruption
1915| [103787] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Groovy memory corruption
1916| [103763] Apache Sling up to 1.0.11 XSS Protection API XSS.getValidXML() Application XML External Entity
1917| [103762] Apache Sling up to 1.0.12 XSS Protection API XSSAPI.encodeForJSString() Script Tag cross site scripting
1918| [103693] Apache OpenMeetings 1.0.0 HTTP Method privilege escalation
1919| [103692] Apache OpenMeetings 1.0.0 Tomcat Error information disclosure
1920| [103691] Apache OpenMeetings 3.2.0 Parameter privilege escalation
1921| [103690] Apache OpenMeetings 1.0.0 sql injection
1922| [103689] Apache OpenMeetings 1.0.0 crossdomain.xml privilege escalation
1923| [103688] Apache OpenMeetings 1.0.0 weak encryption
1924| [103687] Apache OpenMeetings 1.0.0 cross site request forgery
1925| [103556] Apache Roller 5.1.0/5.1.1 Weblog Page Template VTL privilege escalation
1926| [103554] Apache OpenMeetings 1.0.0 Password Update unknown vulnerability
1927| [103553] Apache OpenMeetings 1.0.0 File Upload privilege escalation
1928| [103552] Apache OpenMeetings 3.2.0 Chat cross site scripting
1929| [103551] Apache OpenMeetings 3.1.0 XML unknown vulnerability
1930| [103521] Apache HTTP Server 2.4.26 HTTP2 Free memory corruption
1931| [103520] Apache HTTP Server up to 2.2.33/2.4.26 mod_auth_digest Authorization Header memory corruption
1932| [103519] Apache Struts up to 2.5.11/2.3.32 Spring AOP denial of service
1933| [103518] Apache Struts up to 2.5.11 URLValidator directory traversal
1934| [103492] Apache Spark up to 2.1.x Web UI Reflected cross site scripting
1935| [103401] Apache Struts 2.3.x Struts 1 Plugin ActionMessage privilege escalation
1936| [103399] Apache Traffic Control Traffic Router TCP Connection Slowloris denial of service
1937| [103387] Apache Impala up to 2.8.0 StatestoreSubscriber weak encryption
1938| [103386] Apache Impala up to 2.7.x/2.8.0 Kerberos weak authentication
1939| [103352] Apache Solr Node weak authentication
1940| [102897] Apache Ignite up to 2.0 Update Notifier information disclosure
1941| [102878] Code42 CrashPlan 5.4.x RMI Server org.apache.commons.ssl.rmi.DateRMI privilege escalation
| [102698] Apache HTTP Server up to 2.2.32/2.4.25 mod_mime Content-Type memory corruption
| [102697] Apache HTTP Server 2.2.24/2.2.32 HTTP Strict Parsing ap_find_token Request Header memory corruption
| [102690] Apache HTTP Server up to 2.2.32/2.4.25 mod_ssl ap_hook_process_connection() denial of service
| [102689] Apache HTTP Server up to 2.2.32/2.4.25 ap_get_basic_auth_pw weak authentication
| [102622] Apache Thrift up to 0.9.2 Client Libraries skip denial of service
| [102538] Apache Ranger up to 0.7.0 Authorizer unknown vulnerability
| [102537] Apache Ranger up to 0.7.0 Wildcard Character unknown vulnerability
| [102536] Apache Ranger up to 0.6 Stored cross site scripting
| [102535] Apache Ranger up to 0.6.2 Policy Engine unknown vulnerability
| [102255] Apache NiFi up to 0.7.3/1.2.x Response Header privilege escalation
| [102254] Apache NiFi up to 0.7.3/1.2.x UI cross site scripting
| [102070] Apache CXF Fediz up to 1.1.2/1.2.0 Application Plugin denial of service
| [102020] Apache Tomcat up to 9.0.0.M1 Java Servlet HTTP Method unknown vulnerability
| [101858] Apache Hive up to 1.2.1/2.0.0 Client weak authentication
| [101802] Apache KNOX up to 0.11.0 WebHDFS privilege escalation
| [101928] HPE Aruba ClearPass Apache Tomcat information disclosure
| [101524] Apache Archiva up to 1.x/2.2.1 REST Endpoint cross site request forgery
| [101513] Apache jUDDI 3.1./3.1.2/3.1.3/3.1.4 Logout Open Redirect
| [101430] Apache CXF Fediz up to 1.3.1 OIDC Service cross site request forgery
| [101429] Apache CXF Fediz up to 1.2.3/1.3.1 Plugins cross site request forgery
| [100619] Apache Hadoop up to 2.6.x HDFS Servlet unknown vulnerability
| [100618] Apache Hadoop up to 2.7.0 HDFS Web UI cross site scripting
| [100621] Adobe ColdFusion 10/11/2016 Apache BlazeDS Library Deserialization privilege escalation
| [100205] Oracle MySQL Enterprise Monitor up to 3.1.6.8003/3.2.1182/3.3.2.1162 Apache Commons FileUpload denial of service
| [100191] Oracle Secure Global Desktop 4.71/5.2/5.3 Web Server (Apache HTTP Server) information disclosure
| [100162] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Commons Collections privilege escalation
| [100160] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Trinidad unknown vulnerability
| [99969] Oracle WebCenter Sites 11.1.1.8.0 Apache Tomcat memory corruption
| [99937] Apache Batik up to 1.8 privilege escalation
| [99936] Apache FOP up to 2.1 privilege escalation
| [99935] Apache CXF up to 3.0.12/3.1.10 STSClient Cache information disclosure
| [99934] Apache CXF up to 3.0.12/3.1.10 JAX-RS XML Security Streaming Client spoofing
| [99930] Apache Traffic Server up to 6.2.0 denial of service
| [99929] Apache Log4j up to 2.8.1 Socket Server Deserialization privilege escalation
| [99925] Apache Traffic Server 6.0.0/6.1.0/6.2.0 HPACK Bomb denial of service
| [99738] Ping Identity OpenID Connect Authentication Module up to 2.13 on Apache Mod_auth_openidc.c spoofing
| [117569] Apache Hadoop up to 2.7.3 privilege escalation
| [99591] Apache TomEE up to 1.7.3/7.0.0-M2 EjbObjectInputStream Serialized Object privilege escalation
| [99370] Apache Ignite up to 1.8 update-notifier Document XML External Entity
| [99299] Apache Geode up to 1.1.0 Pulse OQL Query privilege escalation
| [99572] Apache Tomcat up to 7.0.75/8.0.41/8.5.11/9.0.0.M17 Application Listener privilege escalation
| [99570] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP Connector Cache information disclosure
| [99569] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP/2 GOAWAY Frame Resource Exhaustion denial of service
| [99568] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 Pipelined Request information disclosure
| [99048] Apache Ambari up to 2.3.x REST API Shell Metacharacter privilege escalation
| [99014] Apache Camel Jackson/JacksonXML privilege escalation
| [98610] Apple macOS up to 10.12.3 apache_mod_php memory corruption
| [98609] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98608] Apple macOS up to 10.12.3 apache_mod_php memory corruption
| [98607] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98606] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98605] Apple macOS up to 10.12.3 Apache denial of service
| [98604] Apple macOS up to 10.12.3 Apache denial of service
| [98603] Apple macOS up to 10.12.3 Apache denial of service
| [98602] Apple macOS up to 10.12.3 Apache denial of service
| [98601] Apple macOS up to 10.12.3 Apache denial of service
| [98517] Apache POI up to 3.14 OOXML File XXE denial of service
| [98405] Apache Hadoop up to 0.23.10 privilege escalation
| [98199] Apache Camel Validation XML External Entity
| [97892] Apache Tomcat up to 9.0.0.M15 Reverse-Proxy Http11InputBuffer.java information disclosure
| [97617] Apache Camel camel-snakeyaml Deserialization privilege escalation
| [97602] Apache Camel camel-jackson/camel-jacksonxml CamelJacksonUnmarshalType privilege escalation
| [97732] Apache Struts up to 2.3.31/2.5.10 Jakarta Multipart Parser Content-Type privilege escalation
| [97466] mod_auth_openidc up to 2.1.5 on Apache weak authentication
| [97455] mod_auth_openidc up to 2.1.4 on Apache weak authentication
| [97081] Apache Tomcat HTTPS Request denial of service
| [97162] EMC OpenText Documentum D2 BeanShell/Apache Commons privilege escalation
| [96949] Hanwha Techwin Smart Security Manager up to 1.5 Redis/Apache Felix Gogo privilege escalation
| [96314] Apache Cordova up to 6.1.1 on Android weak authentication
| [95945] Apple macOS up to 10.12.2 apache_mod_php denial of service
| [95944] Apple macOS up to 10.12.2 apache_mod_php denial of service
| [95943] Apple macOS up to 10.12.2 apache_mod_php memory corruption
| [95666] Oracle FLEXCUBE Direct Banking 12.0.0/12.0.1/12.0.2/12.0.3 Apache Commons Collections privilege escalation
| [95455] Apache NiFi up to 1.0.0/1.1.0 Connection Details Dialogue cross site scripting
| [95311] Apache Storm UI Daemon privilege escalation
| [95291] ZoneMinder 1.30.0 Apache httpd privilege escalation
| [94800] Apache Wicket up to 1.5.16/6.24.x Deserialize DiskFileItem denial of service
| [94705] Apache Qpid Broker for Java up to 6.1.0 SCRAM-SHA-1/SCRAM-SHA-256 User information disclosure
| [94627] Apache HTTP Server up to 2.4.24 mod_auth_digest Crash denial of service
| [94626] Apache HTTP Server up to 2.4.24 mod_session_crypto Padding weak encryption
| [94625] Apache HTTP Server up to 2.4.24 Response Split privilege escalation
| [94540] Apache Tika 1.9 tika-server File information disclosure
| [94600] Apache ActiveMQ up to 5.14.1 Administration Console cross site scripting
| [94348] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94347] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94346] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94345] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94344] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94343] Apple macOS up to 10.12.1 apache_mod_php memory corruption
| [94342] Apple macOS up to 10.12.1 apache_mod_php memory corruption
| [94128] Apache Tomcat up to 9.0.0.M13 Error information disclosure
| [93958] Apache HTTP Server up to 2.4.23 mod_http2 h2_stream.c denial of service
| [93874] Apache Subversion up to 1.8.16/1.9.4 mod_dontdothat XXE denial of service
| [93855] Apache Hadoop up to 2.6.4/2.7.2 HDFS Service privilege escalation
| [93609] Apache OpenMeetings 3.1.0 RMI Registry privilege escalation
| [93555] Apache Tika 1.6-1.13 jmatio MATLAB File privilege escalation
| [93799] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
| [93798] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
| [93797] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 HTTP Split privilege escalation
| [93796] Apache Tomcat up to 8.5.6/9.0.0.M11 HTTP/2 Header Parser denial of service
| [93532] Apache Commons Collections Library Java privilege escalation
| [93210] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 ResourceLinkFactory privilege escalation
| [93209] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Realm Authentication User information disclosure
| [93208] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 System Property Replacement information disclosure
| [93207] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Utility Method privilege escalation
| [93206] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Configuration privilege escalation
| [93098] Apache Commons FileUpload privilege escalation
| [92987] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Commons Collection memory corruption
| [92986] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Tomcat memory corruption
| [92982] Oracle Insurance IStream 4.3.2 Apache Commons Collections memory corruption
| [92981] Oracle Financial Services Lending and Leasing 14.1.0/14.2.0 Apache Commons Collections memory corruption
| [92979] Oracle up to 8.0.3 Apache Commons Collections memory corruption
| [92977] Oracle FLEXCUBE Universal Banking up to 12.2.0 Apache Commons Collections memory corruption
| [92976] Oracle FLEXCUBE Universal Banking 12.87.1/12.87.2 Apache Commons Collections memory corruption
| [92975] Oracle FLEXCUBE Private Banking up to 12.1.0 Apache Commons Collections memory corruption
| [92974] Oracle FLEXCUBE Investor Servicing 12.0.1 Apache Commons Collections memory corruption
| [92973] Oracle 12.0.0/12.1.0 Apache Commons Collections memory corruption
| [92972] Oracle FLEXCUBE Core Banking 11.5.0.0.0/11.6.0.0.0 Apache Commons Collections memory corruption
| [92962] Oracle Agile PLM 9.3.4/9.3.5 Apache Commons Collections memory corruption
| [92909] Oracle Agile PLM 9.3.4/9.3.5 Apache Tomcat unknown vulnerability
| [92786] Oracle Banking Digital Experience 15.1 Apache Commons Collections information disclosure
| [92549] Apache Tomcat on Red Hat privilege escalation
| [92509] Apache Tomcat JK ISAPI Connector up to 1.2.41 jk_uri_worker_map.c memory corruption
| [92314] Apache MyFaces Trinidad up to 1.0.13/1.2.15/2.0.1/2.1.1 CoreResponseStateManager memory corruption
| [92313] Apache Struts2 up to 2.3.28/2.5.0 Action Name Cleanup cross site request forgery
| [92299] Apache Derby up to 10.12.1.0 SqlXmlUtil XML External Entity
| [92217] Apache ActiveMQ Artemis up to 1.3.x Broker/REST GetObject privilege escalation
| [92174] Apache Ranger up to 0.6.0 Policy cross site scripting
| [91831] Apache Jackrabbit up to 2.13.2 HTTP Header cross site request forgery
| [91825] Apache Zookeeper up to 3.4.8/3.5.2 C CLI Shell memory corruption
| [91818] Apache CXF Fediz up to 1.2.2/1.3.0 Application Plugin privilege escalation
| [92056] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92055] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92054] Apple macOS up to 10.11 apache_mod_php denial of service
| [92053] Apple macOS up to 10.11 apache_mod_php denial of service
| [92052] Apple macOS up to 10.11 apache_mod_php denial of service
| [92051] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92050] Apple macOS up to 10.11 apache_mod_php denial of service
| [92049] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92048] Apple macOS up to 10.11 apache_mod_php denial of service
| [92047] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92046] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92045] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92044] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92043] Apple macOS up to 10.11 apache_mod_php denial of service
| [92042] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92041] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92040] Apple macOS up to 10.11 Apache Proxy privilege escalation
| [91785] Apache Shiro up to 1.3.1 Servlet Filter privilege escalation
| [90879] Apache OpenMeetings up to 3.1.1 SWF Panel cross site scripting
| [90878] Apache Sentry up to 1.6.x Blacklist Filter reflect/reflect2/java_method privilege escalation
| [90610] Apache POI up to 3.13 XLSX2CSV Example OpenXML Document XML External Entity
| [90584] Apache ActiveMQ up to 5.11.3/5.12.2/5.13/1 Administration Web Console privilege escalation
| [90385] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site scripting
| [90384] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site request forgery
| [90383] Apache OpenOffice up to 4.1.2 Impress File memory corruption
| [89670] Apache Tomcat up to 8.5.4 CGI Servlet Environment Variable Open Redirect
| [89669] Apache HTTP Server up to 2.4.23 RFC 3875 Namespace Conflict Environment Variable Open Redirect
| [89726] Apple Mac OS X up to 10.11.5 apache_mod_php memory corruption
| [89484] Apache Qpid up to 0.13.0 on Windows Proton Library Certificate weak authentication
| [89473] HPE iMC PLAT/EAD/APM/iMC NTA/iMC BIMS/iMC UAM_TAM up to 7.2 Apache Commons Collections Library Command privilege escalation
| [90263] Apache Archiva Header denial of service
| [90262] Apache Archiva Deserialize privilege escalation
| [90261] Apache Archiva XML DTD Connection privilege escalation
| [88827] Apache Xerces-C++ up to 3.1.3 DTD Stack-Based memory corruption
| [88747] Apache HTTP Server 2.4.17/2.4.18 mod_http2 denial of service
| [88608] Apache Struts up to 2.3.28.1/2.5.0 URLValidator Null Value denial of service
| [88607] Apache Struts up to 2.3.28.1 REST Plugin Expression privilege escalation
| [88606] Apache Struts up to 2.3.28.1 Restriction privilege escalation
| [88605] Apache Struts up to 2.3.28.1 Restriction privilege escalation
| [88604] Apache Struts up to 2.3.28.1 Token Validator cross site request forgery
| [88603] Apache Commons FileUpload up to 1.3.1 MultipartStream denial of service
| [88602] Apache Struts up to 1.3.10 ActionServlet.java cross site scripting
| [88601] Apache Struts up to 1.3.10 Multithreading ActionServlet.java memory corruption
| [88600] Apache Struts up to 1.3.10 MultiPageValidator privilege escalation
| [89005] Apache Qpid AMQP JMS Client getObject privilege escalation
| [87888] Apache Ranger up to 0.5.2 Policy Admin Tool eventTime sql injection
| [87835] Apache CloudStack up to 4.5.2.0/4.6.2.0/4.7.1.0/4.8.0.0 SAML-based Authentication privilege escalation
| [87806] HPE Discovery and Dependency Mapping Inventory up to 9.32 update 3 Apache Commons Collections Library privilege escalation
| [87805] HPE Universal CMDB up to 10.21 Apache Commons Collections Library privilege escalation
| [87768] Apache Shiro up to 1.2.4 Cipher Key privilege escalation
| [87765] Apache James Server 2.3.2 Command privilege escalation
| [88667] Apache HTTP Server up to 2.4.20 mod_http2 Certificate weak authentication
| [87718] Apache Struts up to 2.3.24.1 OGNL Caching denial of service
| [87717] Apache Struts up to 2.3.28 REST Plugin privilege escalation
| [87706] Apache Qpid Java up to 6.0.2 AMQP privilege escalation
| [87703] Apache Qbid Java up to 6.0.2 PlainSaslServer.java denial of service
| [87702] Apache ActiveMQ up to 5.13.x Fileserver Web Application Upload privilege escalation
| [87700] Apache PDFbox up to 1.8.11/2.0.0 XML Parser PDF Document XML External Entity
| [87679] HP Release Control 9.13/9.20/9.21 Apache Commons Collections Library Java Object privilege escalation
| [87540] Apache Ambari up to 2.2.0 File Browser View information disclosure
| [87433] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87432] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87431] Apple Mac OS X up to 10.11.4 apache_mod_php Format String
| [87430] Apple Mac OS X up to 10.11.4 apache_mod_php denial of service
| [87429] Apple Mac OS X up to 10.11.4 apache_mod_php information disclosure
| [87428] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87427] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87389] Apache Xerces C++ up to 3.1.3 XML Document DTDScanner.cpp memory corruption
| [87172] Adobe ColdFusion 11 Update 7/2016/up to 10 Update 18 Apache Commons Collections Library privilege escalation
| [87121] Apache Cordova iOS up to 3.x Plugin privilege escalation
| [87120] Apache Cordova iOS up to 3.x URL Whitelist privilege escalation
| [83806] HPE Network Node Manager i up to 10.01 Apache Commons Collections Library privilege escalation
| [83077] Apache Subversion up to 1.8.15/1.9.3 mod_authz_svn mod_authz_svn.c denial of service
| [83076] Apache Subversion up to 1.8.15/1.9.3 svnserve svnserve/cyrus_auth.c privilege escalation
| [82790] Apache Struts 2.0.0/2.3.24/2.3.28 Dynamic Method privilege escalation
| [82789] Apache Struts 2.0.0/2.3.24/2.3.28 XSLTResult privilege escalation
| [82725] HPE P9000 Command View up to 7.x/8.4.0 Apache Commons Collections Library privilege escalation
| [82444] Apache Camel up to 2.14.x/2.15.4/2.16.0 HTTP Request privilege escalation
| [82389] Apache Subversion up to 1.7.x/1.8.14/1.9.2 mod_dav_svn util.c memory corruption
| [82280] Apache Struts up to 1.7 JRE URLDecoder cross site scripting
| [82260] Apache OFBiz up to 12.04.05/13.07.02 Java Object privilege escalation
| [82259] Apache Qpid Proton up to 0.12.0 proton.reactor.Connector weak encryption
| [82250] Apache Ranger up to 0.5.0 Admin UI weak authentication
| [82214] Apache Wicket up to 1.5.14/6.21.x/7.1.x Input Element cross site scripting
| [82213] Apache Wicket up to 1.5.14/6.21.x/7.1.x ModalWindow Title getWindowOpenJavaScript cross site scripting
| [82212] Apache Ranger up to 0.5.0 Policy Admin Tool privilege escalation
| [82211] Apache OFBiz up to 12.04.06/13.07.02 ModelFormField.java DisplayEntityField.getDescription cross site scripting
| [82082] Apache JetSpeed up to 2.3.0 User Manager Service privilege escalation
| [82081] Apache OpenMeetings up to 3.1.0 SOAP API information disclosure
| [82080] Apache OpenMeetings up to 3.1.0 Event cross site scripting
| [82078] Apache OpenMeetings up to 3.1.0 Import/Export System Backup ZIP Archive directory traversal
| [82077] Apache OpenMeetings up to 3.1.0 Password Reset sendHashByUser privilege escalation
| [82076] Apache Ranger up to 0.5.1 privilege escalation
| [82075] Apache JetSpeed up to 2.3.0 Portal cross site scripting
| [82074] Apache JetSpeed up to 2.3.0 cross site scripting
| [82073] Apache JetSpeed up to 2.3.0 User Manager Service sql injection
| [82072] Apache JetSpeed up to 2.3.0 Portal Site Manager ZIP Archive directory traversal
| [82058] Apache LDAP Studio/Directory Studio up to 2.0.0-M9 CSV Export privilege escalation
| [82053] Apache Ranger up to 0.4.x Policy Admin Tool privilege escalation
| [82052] Apache Ranger up to 0.4.x Policy Admin Tool HTTP Request cross site scripting
| [81696] Apache ActiveMQ up to 5.13.1 HTTP Header privilege escalation
| [81695] Apache Xerces-C up to 3.1.2 internal/XMLReader.cpp memory corruption
| [81622] HPE Asset Manager 9.40/9.41/9.50 Apache Commons Collections Library Java Object privilege escalation
| [81406] HPE Service Manager up to 9.35 P3/9.41 P1 Apache Commons Collections Library Command privilege escalation
| [81405] HPE Operations Orchestration up to 10.50 Apache Commons Collections Library Command privilege escalation
| [81427] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
| [81426] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
| [81372] Apache Struts up to 2.3.24.1 I18NInterceptor cross site scripting
| [81371] Apache Struts up to 2.3.24.1 Double OGNL Evaluation privilege escalation
| [81370] Apache Struts up to 2.3.24.1 Java URLDecoder cross site scripting
| [81084] Apache Tomcat 6.0/7.0/8.0/9.0 ServletContext directory traversal
| [81083] Apache Tomcat 7.0/8.0/9.0 Index Page cross site request forgery
| [81082] Apache Tomcat 7.0/8.0/9.0 ResourceLinkFactory.setGlobalContext privilege escalation
| [81081] Apache Tomcat 6.0/7.0/8.0/9.0 Error information disclosure
| [81080] Apache Tomcat 6.0/7.0/8.0/9.0 Session Persistence privilege escalation
| [81079] Apache Tomcat 6.0/7.0/8.0/9.0 StatusManagerServlet information disclosure
| [81078] Apache Tomcat 7.0/8.0/9.0 Session privilege escalation
| [80970] Apache Solr up to 5.3.0 Admin UI plugins.js cross site scripting
| [80969] Apache Solr up to 5.2 Schema schema-browser.js cross site scripting
| [80968] Apache Solr up to 5.0 analysis.js cross site scripting
| [80940] HP Continuous Delivery Automation 1.30 Apache Commons Collections Library privilege escalation
| [80823] Apache CloudStack up to 4.5.1 KVM Virtual Machine Migration privilege escalation
| [80822] Apache CloudStack up to 4.5.1 API Call information disclosure
| [80778] Apache Camel up to 2.15.4/2.16.0 camel-xstream privilege escalation
| [80750] HPE Operations Manager 8.x/9.0 on Windows Apache Commons Collections Library privilege escalation
| [80724] Apache Hive up to 1.2.1 Authorization Framework privilege escalation
| [80577] Oracle Secure Global Desktop 4.63/4.71/5.2 Apache HTTP Server denial of service
| [80165] Intel McAfee ePolicy Orchestrator up to 4.6.9/5.0.3/5.3.1 Apache Commons Collections Library privilege escalation
| [80116] Apache Subversion up to 1.9.2 svn Protocol libsvn_ra_svn/marshal.c read_string memory corruption
| [80115] Apache ActiveMQ up to 5.12.x Broker Service privilege escalation
| [80036] IBM Cognos Business Intelligence Apache Commons Collections Library InvokerTransformer privilege escalation
| [79873] VMware vCenter Operations/vRealize Orchestrator Apache Commons Collections Library Serialized Java Object privilege escalation
| [79840] Apache Cordova File Transfer Plugin up to 1.2.x on Android unknown vulnerability
| [79839] Apache TomEE Serialized Java Stream EjbObjectInputStream privilege escalation
| [79791] Cisco Products Apache Commons Collections Library privilege escalation
| [79539] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
| [79538] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
| [79294] Apache Cordova-Android up to 3.6 BridgeSecret Random Generator weak encryption
| [79291] Apache Cordova-Android up to 4.0 Javascript Whitelist privilege escalation
| [79244] Apache CXF up to 2.7.17/3.0.7/3.1.2 SAML Web SSO Module SAML Response weak authentication
| [79243] Oracle WebLogic Server 10.3.6.0/12.1.2.0/12.1.3.0/12.2.1.0 WLS Security com.bea.core.apache.commons.collections.jar privilege escalation
| [78989] Apache Ambari up to 2.1.1 Open Redirect
| [78988] Apache Ambari up to 2.0.1/2.1.0 Password privilege escalation
| [78987] Apache Ambari up to 2.0.x cross site scripting
| [78986] Apache Ambari up to 2.0.x Proxy Endpoint api/v1/proxy privilege escalation
| [78780] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
| [78779] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
| [78778] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78777] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78776] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78775] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78774] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78297] Apache Commons Components HttpClient up to 4.3.5 HTTPS Timeout denial of service
| [77406] Apache Flex BlazeDS AMF Message XML External Entity
| [77429] Apache ActiveMQ up to 5.10.0 LDAPLoginModule privilege escalation
| [77399] Apache ActiveMQ up to 5.10.0 LDAPLoginModule weak authentication
| [77375] Apache Tapestry up to 5.3.5 Client-Side Object Storage privilege escalation
| [77331] Apache ActiveMQ up to 5.11.1 on Windows Fileserver Upload/Download directory traversal
| [77299] Apache Solr Real-Time Module up to 7.x-1.1 Index Content information disclosure
| [77247] Apache ActiveMQ up to 5.10 TransportConnection.java processControlCommand denial of service
| [77083] Apache Groovy up to 2.4.3 MethodClosure.java MethodClosure memory corruption
| [76953] Apache Subversion 1.7.0/1.8.0/1.8.10 svn_repos_trace_node_locations information disclosure
| [76952] Apache Subversion 1.7.0/1.8.0/1.8.10 mod_authz_svn anonymous/authenticated information disclosure
| [76567] Apache Struts 2.3.20 unknown vulnerability
| [76733] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 ap_some_auth_required unknown vulnerability
| [76732] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 Request apr_brigade_flatten privilege escalation
| [76731] Apache HTTP Server 2.4.12 ErrorDocument 400 Crash denial of service
| [75690] Apache Camel up to 2.13.3/2.14.1 XPathBuilder.java XML External Entity
| [75689] Apache Camel up to 2.13.3/2.14.1 XML Converter Setup XmlConverter.java SAXSource privilege escalation
| [75668] Apache Sling API/Sling Servlets Post up to 2.2.1 HtmlResponse cross site scripting
| [75601] Apache Jackrabbit up to 2.10.0 WebDAV Request XML External Entity
| [75420] Apache Tomcat up to 6.0.43/7.0.58/8.0.16 Security Manager privilege escalation
| [75145] Apache OpenOffice up to 4.1.1 HWP Filter Crash denial of service
| [75032] Apache Tomcat Connectors up to 1.2.40 mod_jk privilege escalation
| [75135] PHP 5.4/5.5 HTTP Request sapi_apache2.c apache2handler privilege escalation
| [74793] Apache Tomcat File Upload denial of service
| [74708] Apple MacOS X up to 10.10.2 Apache denial of service
| [74707] Apple MacOS X up to 10.10.2 Apache denial of service
| [74706] Apple MacOS X up to 10.10.2 Apache memory corruption
| [74705] Apple MacOS X up to 10.10.2 Apache denial of service
| [74704] Apple MacOS X up to 10.10.2 Apache denial of service
| [74703] Apple MacOS X up to 10.10.2 Apache denial of service
| [74702] Apple MacOS X up to 10.10.2 Apache denial of service
| [74701] Apple MacOS X up to 10.10.2 Apache cross site request forgery
| [74700] Apple MacOS X up to 10.10.2 Apache unknown vulnerability
| [74661] Apache Flex up to 4.14.0 asdoc index.html cross site scripting
| [74609] Apache Cassandra up to 1.2.19/2.0.13/2.1.3 JMX/RMI Interface privilege escalation
| [74469] Apache Xerces-C up to 7.0 internal/XMLReader.cpp denial of service
| [74468] Apache Batik up to 1.6 denial of service
| [74414] Apache Mod-gnutls up to 0.5.1 Authentication spoofing
| [74371] Apache Standard Taglibs up to 1.2.0 memory corruption
| [74367] Apache HTTP Server up to 2.4.12 mod_lua lua_request.c wsupgrade denial of service
| [74174] Apache WSS4J up to 2.0.0 privilege escalation
| [74172] Apache ActiveMQ up to 5.5.0 Administration Console cross site scripting
| [69092] Apache Tomcat up to 6.0.42/7.0.54/8.0.8 HTTP Request Smuggling privilege escalation
| [73831] Apache Qpid up to 0.30 Access Restriction unknown vulnerability
| [73731] Apache XML Security unknown vulnerability
| [68660] Oracle BI Publisher 10.1.3.4.2/11.1.1.7 Apache Tomcat cross site scripting
| [73659] Apache CloudStack up to 4.3.0 Stack-Based unknown vulnerability
| [73593] Apache Traffic Server up to 5.1.0 denial of service
| [73511] Apache POI up to 3.10 Deadlock denial of service
| [73510] Apache Solr up to 4.3.0 cross site scripting
| [68447] Apache Subversion up to 1.7.18/1.8.10 mod_dav_svn Crash denial of service
| [68446] Apache Subversion up to 1.7.18/1.8.10 REPORT Request Crash denial of service
| [73173] Apache CloudStack Stack-Based unknown vulnerability
| [68357] Apache Struts up to 2.3.16.3 Random Number Generator cross site request forgery
| [73106] Apache Hadoop up to 2.4.0 Symlink privilege escalation
| [68575] Apache HTTP Server up to 2.4.10 LuaAuthzProvider mod_lua.c privilege escalation
| [72890] Apache Qpid 0.30 unknown vulnerability
| [72887] Apache Hive 0.13.0 File Permission privilege escalation
| [72878] Apache Cordova 3.5.0 cross site request forgery
| [72877] Apache Cordova 3.5.0 cross site request forgery
| [72876] Apache Cordova 3.5.0 cross site request forgery
| [68435] Apache HTTP Server 2.4.10 mod_proxy_fcgi.c handle_headers denial of service
| [68065] Apache CXF up to 3.0.1 JAX-RS SAML denial of service
| [68064] Apache CXF up to 3.0.0 SAML Token denial of service
| [67913] Oracle Retail Markdown Optimization 12.0/13.0/13.1/13.2/13.4 Apache commons-beanutils-1.8.0.jar memory corruption
| [67912] Oracle Retail Invoice Matching up to 14.0 Apache commons-beanutils-1.8.0.jar memory corruption
| [67911] Oracle Retail Clearance Optimization Engine 13.3/13.4/14.0 Apache commons-beanutils-1.8.0.jar memory corruption
| [67910] Oracle Retail Allocation up to 13.2 Apache commons-beanutils-1.8.0.jar memory corruption
| [71835] Apache Shiro 1.0.0/1.1.0/1.2.0/1.2.1/1.2.2 unknown vulnerability
| [71633] Apachefriends XAMPP 1.8.1 cross site scripting
| [71629] Apache Axis2/C spoofing
| [67633] Apple Mac OS X up to 10.9.4 apache_mod_php ext/standard/dns.c dns_get_record memory corruption
| [67631] Apple Mac OS X up to 10.9.4 apache_mod_php Symlink memory corruption
| [67630] Apple Mac OS X up to 10.9.4 apache_mod_php cdf_read_property_info denial of service
| [67629] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_count_chain denial of service
| [67628] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_check_stream_offset denial of service
| [67627] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c mconvert memory corruption
| [67626] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c denial of service
| [67625] Apple Mac OS X up to 10.9.4 apache_mod_php Crash denial of service
| [67624] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_property_info denial of service
| [67623] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_unpack_summary_info denial of service
| [67622] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_short_sector denial of service
| [67620] Apple Mac OS X up to 10.9.4 apache_mod_php magic/Magdir/commands denial of service
| [67790] Apache HTTP Server mod_cache NULL Pointer Dereference denial of service
| [67522] Apache Tomcat up to 7.0.39 JSP Upload privilege escalation
| [70809] Apache POI up to 3.11 Crash denial of service
| [70808] Apache POI up to 3.10 unknown vulnerability
| [70806] Apache Commons-httpclient 4.2/4.2.1/4.2.2 spoofing
| [70749] Apache Axis up to 1.4 getCN spoofing
| [70701] Apache Traffic Server up to 3.3.5 denial of service
| [70700] Apache OFBiz up to 12.04.03 cross site scripting
| [67402] Apache OpenOffice 4.0.0/4.0.1/4.1.0 Calc privilege escalation
| [67401] Apache OpenOffice up to 4.1.0 OLE Object information disclosure
| [70661] Apache Subversion up to 1.6.17 denial of service
| [70660] Apache Subversion up to 1.6.17 spoofing
| [70659] Apache Subversion up to 1.6.17 spoofing
| [67183] Apache HTTP Server up to 2.4.9 mod_proxy denial of service
| [67180] Apache HTTP Server up to 2.4.9 WinNT MPM Memory Leak denial of service
| [67185] Apache HTTP Server up to 2.4.9 mod_status Heap-Based memory corruption
| [67184] Apache HTTP Server 2.4.5/2.4.6 mod_cache NULL Pointer Dereference denial of service
| [67182] Apache HTTP Server up to 2.4.9 mod_deflate Memory Consumption denial of service
| [67181] Apache HTTP Server up to 2.4.9 mod_cgid denial of service
| [70338] Apache Syncope up to 1.1.7 unknown vulnerability
| [70295] Apache CXF up to 2.7.9 Cleartext information disclosure
| [70106] Apache Open For Business Project up to 10.04.0 getServerError cross site scripting
| [70105] Apache MyFaces up to 2.1.5 JavaServer Faces directory traversal
| [69846] Apache HBase up to 0.94.8 information disclosure
| [69783] Apache CouchDB up to 1.2.0 memory corruption
| [13383] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 XML Parser privilege escalation
| [13300] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi setuid privilege escalation
| [13299] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi Content-Type Header information disclosure
| [13164] Apache CXF up to 2.6.13/2.7.10 SOAP OutgoingChainInterceptor.java Invalid Content denial of service
| [13163] Apache CXF up to 2.6.13/2.7.10 SOAP HTML Content denial of service
| [13158] Apache Struts up to 2.3.16.2 ParametersInterceptor getClass privilege escalation
| [69515] Apache Struts up to 2.3.15.0 CookieInterceptor memory corruption
| [13086] Apache Struts up to 1.3.10 Class Loader privilege escalation
| [13067] Apache Struts up to 2.3.16.1 Class Loader privilege escalation
| [69431] Apache Archiva up to 1.3.6 cross site scripting
| [69385] Apache Syncope up to 1.1.6 unknown vulnerability
| [69338] Apache Xalan-Java up to 2.7.1 system-property unknown vulnerability
| [12742] Trustwave ModSecurity up to 2.7.5 Chunk Extension apache2/modsecurity.c modsecurity_tx_init privilege escalation
| [12741] Trustwave ModSecurity up to 2.7.6 Chunked HTTP Transfer apache2/modsecurity.c modsecurity_tx_init Trailing Header privilege escalation
| [13387] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Content-Length Header privilege escalation
| [13386] Apache Tomcat Security Manager up to 6.0.39/7.0.53/8.0.5 XSLT privilege escalation
| [13385] Apache Tomcat 8.0.0/8.0.1/8.0.3 AJP Request Zero Length denial of service
| [13384] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Chunked HTTP Request denial of service
| [12748] Apache CouchDB 1.5.0 UUIDS /_uuids denial of service
| [66739] Apache Camel up to 2.12.2 unknown vulnerability
| [66738] Apache Camel up to 2.12.2 unknown vulnerability
| [12667] Apache HTTP Server 2.4.7 mod_log_config.c log_cookie denial of service
| [66695] Apache CouchDB up to 1.2.0 cross site scripting
| [66694] Apache CouchDB up to 1.2.0 Partition partition2 directory traversal
| [66689] Apache HTTP Server up to 2.0.33 mod_dav dav_xml_get_cdata denial of service
| [12518] Apache Tomcat up to 6.0.38/7.0.49/8.0.0-RC9 HTTP Header denial of service
| [66498] Apache expressions up to 3.3.0 Whitelist unknown vulnerability
| [12781] Apache Struts up to 2.3.8 ParametersInterceptor getClass denial of service
| [12439] Apache Tomcat 6.0.33 XML XXE information disclosure
| [12438] Apache Tomcat 6.0.33/6.0.34/6.0.35/6.0.36/6.0.37 coyoteadapter.java disableURLRewriting privilege escalation
| [66356] Apache Wicket up to 6.8.0 information disclosure
| [12209] Apache Tomcat 7.0.0/7.0.50/8.0.0-RC1/8.0.1 Content-Type Header for Multi-Part Request Infinite Loop denial of service
| [66322] Apache ActiveMQ up to 5.8.0 cross site scripting
| [12291] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
| [66255] Apache Open For Business Project up to 10.04.3 cross site scripting
| [66200] Apache Hadoop up to 2.0.5 Security Feature information disclosure
| [66072] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
2370| [66068] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
2371| [11928] Oracle Secure Global Desktop up to 4.71 Apache Tomcat unknown vulnerability
2372| [11924] Oracle Secure Global Desktop up to 4.63 Apache Tomcat denial of service
2373| [11922] Oracle Secure Global Desktop up to 4.63 Apache Tomcat unknown vulnerability
2374| [66049] Apache XML Security for Java up to 1.4.6 Memory Consumption denial of service
2375| [12199] Apache Subversion up to 1.8.5 mod_dav_svn/repos.c get_resource denial of service
2376| [65946] askapache Firefox Adsense up to 3.0 askapache-firefox-adsense.php cross site request forgery
2377| [65668] Apache Solr 4.0.0 Updater denial of service
2378| [65665] Apache Solr up to 4.3.0 denial of service
2379| [65664] Apache Solr 3.6.0/3.6.1/3.6.2/4.0.0 Updater denial of service
2380| [65663] Apache Solr up to 4.5.1 ResourceLoader directory traversal
2381| [65658] Apache roller 4.0/4.0.1/5.0/5.0.1 unknown vulnerability
2382| [65657] Apache Roller 4.0/4.0.1/5.0/5.0.1 cross site scripting
2383| [11325] Apache Subversion 1.7.13 mod_dontdothat Bypass denial of service
2384| [11324] Apache Subversion up to 1.8.4 mod_dav_svn denial of service
2385| [11098] Apache Tomcat 5.5.25 HTTP Request cross site request forgery
2386| [65410] Apache Struts 2.3.15.3 cross site scripting
2387| [65386] Apache Solr up to 2.2.1 on TYPO3 cross site scripting
2388| [65385] Apache Solr up to 2.2.1 on TYPO3 unknown vulnerability
2389| [11044] Apache Struts 2.3.15.3 showConfig.action cross site scripting
2390| [11043] Apache Struts 2.3.15.3 actionNames.action cross site scripting
2391| [11018] cPanel WHM up to 11.40.0.11 Apache mod_userdir Tweak Interface privilege escalation
2392| [65342] Apache Sling 1.0.2/1.0.4/1.0.6/1.1.0/1.1.2 Auth Core cross site scripting
2393| [65340] Apache Shindig 2.5.0 information disclosure
2394| [65316] Apache Mod Fcgid up to 2.3.7 mod_fcgid fcgid_bucket.c fcgid_header_bucket_read memory corruption
2395| [65313] Apache Sling 2.2.0/2.3.0 AbstractCreateOperation.java deepGetOrCreateNode denial of service
2396| [10826] Apache Struts 2 File privilege escalation
2397| [65204] Apache Camel up to 2.10.1 unknown vulnerability
2398| [10460] Apache Struts 2.0.0/2.3.15.1 Action Mapping Mechanism Bypass privilege escalation
2399| [10459] Apache Struts 2.0.0/2.3.15 Dynamic Method Invocation unknown vulnerability
2400| [10160] Apache Subversion 1.8.0/1.8.1/1.8.2 svnwcsub.py handle_options race condition
2401| [10159] Apache Subversion up to 1.8.2 svnserve write_pid_file race condition
2402| [10158] Apache Subversion 1.8.0/1.8.1/1.8.2 daemonize.py daemon::daemonize race condition
2403| [10157] Apache Subversion up to 1.8.1 FSFS Repository Symlink privilege escalation
2404| [64808] Fail2ban up to 0.8.9 apache-auth.conf denial of service
2405| [64760] Best Practical RT up to 4.0.12 Apache::Session::File information disclosure
2406| [64722] Apache XML Security for C++ Heap-based memory corruption
2407| [64719] Apache XML Security for C++ Heap-based memory corruption
2408| [64718] Apache XML Security for C++ verify denial of service
2409| [64717] Apache XML Security for C++ getURIBaseTXFM memory corruption
2410| [64716] Apache XML Security for C++ spoofing
2411| [64701] Apache CXF up to 2.7.3 XML Parser Memory Consumption denial of service
2412| [64700] Apache CloudStack up to 4.1.0 Stack-Based cross site scripting
2413| [64667] Apache Open For Business Project up to 10.04.04 unknown vulnerability
2414| [64666] Apache Open For Business Project up to 10.04.04 cross site scripting
2415| [9891] Apache HTTP Server 2.2.22 suEXEC Feature .htaccess information disclosure
2416| [64509] Apache ActiveMQ up to 5.8.0 scheduled.jsp cross site scripting
2417| [9826] Apache Subversion up to 1.8.0 mod_dav_svn denial of service
2418| [9683] Apache HTTP Server 2.4.5 mod_session_dbd denial of service
2419| [64485] Apache Struts up to 2.2.3.0 privilege escalation
2420| [9568] Apache Struts up to 2.3.15 DefaultActionMapper cross site request forgery
2421| [9567] Apache Struts up to 2.3.15 DefaultActionMapper memory corruption
2422| [64467] Apache Geronimo 3.0 memory corruption
2423| [64466] Apache OpenJPA up to 2.2.1 Serialization memory corruption
2424| [64457] Apache Struts up to 2.2.3.0 cross site scripting
2425| [64326] Alejandro Garza Apachesolr Autocomplete up to 7.x-1.1 cross site scripting
2426| [9184] Apache Qpid up to 0.20 SSL misconfiguration
2427| [8935] Apache Subversion up to 1.7.9 FSFS Format Repository denial of service
2428| [8934] Apache Subversion up to 1.7.9 Svnserve Server denial of service
2429| [8933] Apache Subversion up to 1.6.21 check-mime-type.pl svnlook memory corruption
2430| [8932] Apache Subversion up to 1.6.21 svn-keyword-check.pl svnlook changed memory corruption
2431| [9022] Apache Struts up to 2.3.14.2 OGNL Expression memory corruption
2432| [8873] Apache Struts 2.3.14 privilege escalation
2433| [8872] Apache Struts 2.3.14 privilege escalation
2434| [8746] Apache HTTP Server Log File Terminal Escape Sequence Filtering mod_rewrite.c do_rewritelog privilege escalation
2435| [8666] Apache Tomcat up to 7.0.32 AsyncListener information disclosure
2436| [8665] Apache Tomcat up to 7.0.29 Chunked Transfer Encoding Extension Size denial of service
2437| [8664] Apache Tomcat up to 7.0.32 FORM Authentication weak authentication
2438| [64075] Apache Subversion up to 1.7.7 mod_dav_svn Crash denial of service
2439| [64074] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
2440| [64073] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
2441| [64072] Apache Subversion up to 1.7.7 mod_dav_svn NULL Pointer Dereference denial of service
2442| [64071] Apache Subversion up to 1.7.8 mod_dav_svn Memory Consumption denial of service
2443| [8768] Apache Struts up to 2.3.14 on Mac EL and OGNL Interpreter memory corruption
2444| [64006] Apache ActiveMQ up to 5.7.0 denial of service
2445| [64005] Apache ActiveMQ up to 5.7.0 Default Configuration denial of service
2446| [64004] Apache ActiveMQ up to 5.7.0 PortfolioPublishServlet.java cross site scripting
2447| [8427] Apache Tomcat Session Transaction weak authentication
2448| [63960] Apache Maven 3.0.4 Default Configuration spoofing
2449| [63751] Apache qpid up to 0.20 qpid::framing::Buffer denial of service
2450| [63750] Apache qpid up to 0.20 checkAvailable denial of service
2451| [63749] Apache Qpid up to 0.20 Memory Consumption denial of service
2452| [63748] Apache Qpid up to 0.20 Default Configuration denial of service
2453| [63747] Apache Rave up to 0.20 User Account information disclosure
2454| [7889] Apache Subversion up to 1.6.17 mod_dav_svn/svn_fs_file_length() denial of service
2455| [63646] Apache HTTP Server up to 2.2.23/2.4.3 mod_proxy_balancer.c balancer_handler cross site scripting
2456| [7688] Apache CXF up to 2.7.1 WSS4JInterceptor Bypass weak authentication
2457| [7687] Apache CXF up to 2.7.2 Token weak authentication
2458| [63334] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
2459| [63299] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
2460| [7202] Apache HTTP Server 2.4.2 on Oracle Solaris ld_library_path cross site scripting
2461| [7075] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector NioEndpoint.java denial of service
2462| [7074] Apache Tomcat up to 6.0.35/7.0.29 FORM Authentication RealmBase.java weak authentication
2463| [7073] Apache Tomcat up to 6.0.35/7.0.31 CSRF Prevention Filter cross site request forgery
2464| [63090] Apache Tomcat up to 4.1.24 denial of service
2465| [63089] Apache HTTP Server up to 2.2.13 mod_proxy_ajp denial of service
2466| [62933] Apache Tomcat up to 5.5.0 Access Restriction unknown vulnerability
2467| [62929] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector Memory Consumption denial of service
2468| [62833] Apache CXF -/2.6.0 spoofing
2469| [62832] Apache Axis2 up to 1.6.2 spoofing
2470| [62831] Apache Axis up to 1.4 Java Message Service spoofing
2471| [62830] Apache Commons-httpclient 3.0 Payments spoofing
2472| [62826] Apache Libcloud up to 0.11.0 spoofing
2473| [62757] Apache Open For Business Project up to 10.04.0 unknown vulnerability
2474| [8830] Red Hat JBoss Enterprise Application Platform 6.0.1 org.apache.catalina.connector.Response.encodeURL information disclosure
2475| [62661] Apache Axis2 unknown vulnerability
2476| [62658] Apache Axis2 unknown vulnerability
2477| [62467] Apache Qpid up to 0.17 denial of service
2478| [62417] Apache CXF 2.4.7/2.4.8/2.5.3/2.5.4/2.6.1 spoofing
2479| [6301] Apache HTTP Server mod_pagespeed cross site scripting
2480| [6300] Apache HTTP Server mod_pagespeed Hostname information disclosure
2481| [6123] Apache Wicket up to 1.5.7 Ajax Link cross site scripting
2482| [62035] Apache Struts up to 2.3.4 denial of service
2483| [61916] Apache QPID 0.5/0.6/0.14/0.16 unknown vulnerability
2484| [6998] Apache Tomcat 5.5.35/6.0.35/7.0.28 DIGEST Authentication Session State Caching privilege escalation
2485| [6997] Apache Tomcat 5.5.35/6.0.35/7.0.28 HTTP Digest Authentication Implementation privilege escalation
2486| [6092] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_ajp.c information disclosure
2487| [6090] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_http.c information disclosure
2488| [61507] Apache POI up to 3.8 UnhandledDataStructure denial of service
2489| [6070] Apache Struts up to 2.3.4 Token Name Configuration Parameter privilege escalation
2490| [6069] Apache Struts up to 2.3.4 Request Parameter OGNL Expression denial of service
2491| [5764] Oracle Solaris 10 Apache HTTP Server information disclosure
2492| [5700] Oracle Secure Backup 10.3.0.3/10.4.0.1 Apache denial of service
2493| [61255] Apache Hadoop 2.0.0 Kerberos unknown vulnerability
2494| [61229] Apache Sling up to 2.1.1 denial of service
2495| [61152] Apache Commons-compress 1.0/1.1/1.2/1.3/1.4 denial of service
2496| [61094] Apache Roller up to 5.0 cross site scripting
2497| [61093] Apache Roller up to 5.0 cross site request forgery
2498| [61005] Apache OpenOffice 3.3/3.4 unknown vulnerability
2499| [9673] Apache HTTP Server up to 2.4.4 mod_dav mod_dav.c Request denial of service
2500| [5436] Apache OpenOffice 3.3/3.4 WPXContentListener.cpp _closeTableRow File memory corruption
2501| [5435] Apache OpenOffice 3.3/3.4 vclmi.dll File memory corruption
2502| [60730] PHP 5.4.0/5.4.1/5.4.2 apache_request_headers memory corruption
2503| [60708] Apache Qpid 0.12 unknown vulnerability
2504| [5032] Apache Hadoop up to 0.20.205.0/1.0.1/0.23.1 Kerberos/MapReduce Security Feature privilege escalation
2505| [4949] Apache Struts File Upload XSLTResult.java XSLT File privilege escalation
2506| [4955] Apache Traffic Server 3.0.3/3.1.2 HTTP Header Parser memory corruption
2507| [4882] Apache Wicket up to 1.5.4 directory traversal
2508| [4881] Apache Wicket up to 1.4.19 cross site scripting
2509| [4884] Apache HTTP Server up to 2.3.6 mod_fcgid fcgid_spawn_ctl.c FcgidMaxProcessesPerClass HTTP Requests denial of service
2510| [60352] Apache Struts up to 2.2.3 memory corruption
2511| [60153] Apache Portable Runtime up to 1.4.3 denial of service
2512| [4598] Apache Struts 1.3.10 upload-submit.do cross site scripting
2513| [4597] Apache Struts 1.3.10 processSimple.do cross site scripting
2514| [4596] Apache Struts 2.0.14/2.2.3 struts2-rest-showcase/orders cross site scripting
2515| [4595] Apache Struts 2.0.14/2.2.3 struts2-showcase/person/editPerson.action cross site scripting
2516| [4583] Apache HTTP Server up to 2.2.21 Threaded MPM denial of service
2517| [4582] Apache HTTP Server up to 2.2.21 protocol.c information disclosure
2518| [4571] Apache Struts up to 2.3.1.2 privilege escalation
2519| [4557] Apache Tomcat up to 7.0.21 Caching/Recycling information disclosure
2520| [59934] Apache Tomcat up to 6.0.9 DigestAuthenticator.java unknown vulnerability
2521| [59933] Apache Tomcat up to 6.0.9 Access Restriction unknown vulnerability
2522| [59932] Apache Tomcat up to 6.0.9 unknown vulnerability
2523| [59931] Apache Tomcat up to 6.0.9 Access Restriction information disclosure
2524| [59902] Apache Struts up to 2.2.3 Interfaces unknown vulnerability
2525| [4528] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
2526| [4527] Apache Struts up to 2.2.3 ExceptionDelegator cross site scripting
2527| [59888] Apache Tomcat up to 6.0.6 denial of service
2528| [59886] Apache ActiveMQ up to 5.5.1 Crash denial of service
2529| [4513] Apache Struts up to 2.3.1 ParameterInterceptor directory traversal
2530| [4512] Apache Struts up to 2.2.3 CookieInterceptor privilege escalation
2531| [59850] Apache Geronimo up to 2.2.1 denial of service
2532| [59825] Apache HTTP Server up to 2.1.7 mod_reqtimeout denial of service
2533| [59556] Apache HTTP Server up to 2.0.53 mod_proxy information disclosure
2534| [58467] Apache libcloud 0.2.0/0.3.0/0.3.1/0.4.0 Access Restriction spoofing
2535| [58413] Apache Tomcat up to 6.0.10 spoofing
2536| [58381] Apache Wicket up to 1.4.17 cross site scripting
2537| [58296] Apache Tomcat up to 7.0.19 unknown vulnerability
2538| [57888] Apache HttpClient 4.0/4.0.1/4.1 Authorization information disclosure
2539| [57587] Apache Subversion up to 1.6.16 mod_dav_svn information disclosure
2540| [57585] Apache Subversion up to 1.6.16 mod_dav_svn Memory Consumption denial of service
2541| [57584] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
2542| [57577] Apache Rampart-C 1.3.0 Access Restriction rampart_timestamp_token_validate privilege escalation
2543| [57568] Apache Archiva up to 1.3.4 cross site scripting
2544| [57567] Apache Archiva up to 1.3.4 cross site request forgery
2545| [57481] Apache Tomcat 7.0.12/7.0.13 Access Restriction unknown vulnerability
2546| [4355] Apache HTTP Server APR apr_fnmatch denial of service
2547| [57435] Apache Struts up to 2.2.1.1 FileHandler.java cross site scripting
2548| [57425] Apache Struts up to 2.2.1.1 cross site scripting
2549| [4352] Apache HTTP Server 2.2.x APR apr_fnmatch denial of service
2550| [57025] Apache Tomcat up to 7.0.11 information disclosure
2551| [57024] Apache Tomcat 7.0.11 Access Restriction information disclosure
2552| [56774] IBM WebSphere Application Server up to 7.0.0.14 org.apache.jasper.runtime.JspWriterImpl.response denial of service
2553| [56824] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
2554| [56832] Apache Tomcat up to 7.0.10 Access Restriction information disclosure
2555| [56830] Apache Tomcat up to 7.0.9 Access Restriction privilege escalation
2556| [12440] Apache Tomcat 6.0.33 Malicious Request cross site scripting
2557| [56512] Apache Continuum up to 1.4.0 cross site scripting
2558| [4285] Apache Tomcat 5.x JVM getLocale denial of service
2559| [4284] Apache Tomcat 5.x HTML Manager Infinite Loop cross site scripting
2560| [4283] Apache Tomcat 5.x ServletContect privilege escalation
2561| [56441] Apache Tomcat up to 7.0.6 denial of service
2562| [56300] Apache CouchDB up to 1.0.1 Web Administration Interface cross site scripting
2563| [55967] Apache Subversion up to 1.6.4 rev_hunt.c denial of service
2564| [55966] Apache Subversion up to 1.6.4 mod_dav_svn repos.c walk denial of service
2565| [55095] Apache Axis2 up to 1.6 Default Password memory corruption
2566| [55631] Apache Archiva up to 1.3.1 User Account cross site request forgery
2567| [55556] Apache Tomcat up to 6.0.29 Default Configuration information disclosure
2568| [55553] Apache Tomcat up to 7.0.4 sessionsList.jsp cross site scripting
2569| [55162] Apache MyFaces up to 2.0.0 Authentication Code unknown vulnerability
2570| [54881] Apache Subversion up to 1.6.12 mod_dav_svn authz.c privilege escalation
2571| [54879] Apache APR-util up to 0.9.14 mod_reqtimeout apr_brigade_split_line denial of service
2572| [54693] Apache Traffic Server DNS Cache unknown vulnerability
2573| [54416] Apache CouchDB up to 0.11.0 cross site request forgery
2574| [54394] Apache CXF up to 2.2.8 Memory Consumption denial of service
2575| [54261] Apache Tomcat jsp/cal/cal2.jsp cross site scripting
2576| [54166] Apache HTTP Server up to 2.2.12 mod_cache Crash denial of service
2577| [54385] Apache Struts up to 2.1.8.1 ParameterInterceptor unknown vulnerability
2578| [54012] Apache Tomcat up to 6.0.10 denial of service
2579| [53763] Apache Axis2 1.3/1.4/1.4.1/1.5/1.5.1 Memory Consumption denial of service
2580| [53368] Apache MyFaces 1.1.7/1.2.8 cross site scripting
2581| [53397] Apache axis2 1.4.1/1.5.1 Administration Console cross site scripting
2582| [52894] Apache Tomcat up to 6.0.7 information disclosure
2583| [52960] Apache ActiveMQ up to 5.4-snapshot information disclosure
2584| [52843] Apache HTTP Server mod_auth_shadow unknown vulnerability
2585| [52786] Apache Open For Business Project up to 09.04 cross site scripting
2586| [52587] Apache ActiveMQ up to 5.3.0 cross site request forgery
2587| [52586] Apache ActiveMQ up to 5.3.0 cross site scripting
2588| [52584] Apache CouchDB up to 0.10.1 information disclosure
2589| [51757] Apache HTTP Server 2.0.44 cross site scripting
2590| [51756] Apache HTTP Server 2.0.44 spoofing
2591| [51717] Apache HTTP Server up to 1.3.3 mod_proxy ap_proxy_send_fb memory corruption
2592| [51690] Apache Tomcat up to 6.0 directory traversal
2593| [51689] Apache Tomcat up to 6.0 information disclosure
2594| [51688] Apache Tomcat up to 6.0 directory traversal
2595| [50886] HP Operations Manager 8.10 on Windows File Upload org.apache.catalina.manager.HTMLManagerServlet memory corruption
2596| [50802] Apache Tomcat up to 3.3 Default Password weak authentication
2597| [50626] Apache Solr 1.0.0 cross site scripting
2598| [49857] Apache HTTP Server mod_proxy_ftp cross site scripting
2599| [49856] Apache HTTP Server 2.2.13 mod_proxy_ftp ap_proxy_ftp_handler denial of service
2600| [49348] Apache Xerces-C++ 2.7.0 Stack-Based denial of service
2601| [86789] Apache Portable Runtime memory/unix/apr_pools.c unknown vulnerability
2602| [49283] Apache APR-util up to 1.3.8 apr-util misc/apr_rmm.c apr_rmm_realloc memory corruption
2603| [48952] Apache HTTP Server up to 1.3.6 mod_deflate denial of service
2604| [48626] Apache Tomcat up to 4.1.23 Access Restriction directory traversal
2605| [48431] Apache Tomcat up to 4.1.23 j_security_check cross site scripting
2606| [48430] Apache Tomcat up to 4.1.23 mod_jk denial of service
2607| [47801] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site request forgery
2608| [47800] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site scripting
2609| [47799] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console directory traversal
2610| [47648] Apache Tiles 2.1.0/2.1.1 cross site scripting
2611| [47640] Apache Struts 2.0.6/2.0.8/2.0.9/2.0.11/2.1 cross site scripting
2612| [47638] Apache Tomcat up to 4.1.23 mod_jk information disclosure
2613| [47636] Apache Struts 2.0.9 xip_client.html cross site scripting
2614| [47593] Apache Mod Perl 1 perl-status Apache::Status cross site scripting
2615| [47637] Apache Struts 1.0.2/1.1/1.2.4/1.2.7/1.2.8 cross site scripting
2616| [47239] Apache Struts up to 2.1.2 Beta struts directory traversal
2617| [47214] Apachefriends xampp 1.6.8 spoofing
2618| [47213] Apachefriends xampp 1.6.8 htaccess cross site request forgery
2619| [47162] Apachefriends XAMPP 1.4.4 weak authentication
2620| [47065] Apache Tomcat 4.1.23 cross site scripting
2621| [46834] Apache Tomcat up to 5.5.20 cross site scripting
2622| [46004] Apache Jackrabbit 1.4/1.5.0 search.jsp cross site scripting
2623| [49205] Apache Roller 2.3/3.0/3.1/4.0 Search cross site scripting
2624| [86625] Apache Struts directory traversal
2625| [44461] Apache Tomcat up to 5.5.0 information disclosure
2626| [44389] Apache Xerces-C++ XML Parser Memory Consumption denial of service
2627| [44352] Apache Friends XAMPP 1.6.8 adodb.php cross site scripting
2628| [43663] Apache Tomcat up to 6.0.16 directory traversal
2629| [43612] Apache Friends XAMPP 1.6.7 iart.php cross site scripting
2630| [43556] Apache HTTP Server up to 2.1.8 mod_proxy_ftp proxy_ftp.c cross site scripting
2631| [43516] Apache Tomcat up to 4.1.20 directory traversal
2632| [43509] Apache Tomcat up to 6.0.13 cross site scripting
2633| [42637] Apache Tomcat up to 6.0.16 cross site scripting
2634| [42325] Apache HTTP Server up to 2.1.8 Error Page cross site scripting
2635| [41838] Apache-SSL 1.3.34 1.57 expandcert privilege escalation
2636| [41091] Apache Software Foundation Mod Jk up to 2.0.1 mod_jk2 Stack-based memory corruption
2637| [40924] Apache Tomcat up to 6.0.15 information disclosure
2638| [40923] Apache Tomcat up to 6.0.15 unknown vulnerability
2639| [40922] Apache Tomcat up to 6.0 information disclosure
2640| [40710] Apache HTTP Server up to 2.0.61 mod_negotiation cross site scripting
2641| [40709] Apache HTTP Server up to 2.0.53 mod_negotiation cross site scripting
2642| [40656] Apache Tomcat 5.5.20 information disclosure
2643| [40503] Apache HTTP Server mod_proxy_ftp cross site scripting
2644| [40502] Apache HTTP Server up to 2.2.5 mod_proxy_balancer memory corruption
2645| [40501] Apache HTTP Server 2.2.6 mod_proxy_balancer cross site request forgery
2646| [40398] Apache HTTP Server up to 2.2 mod_proxy_balancer cross site scripting
2647| [40397] Apache HTTP Server up to 2.2 mod_proxy_balancer balancer_handler denial of service
2648| [40234] Apache Tomcat up to 6.0.15 directory traversal
2649| [40221] Apache HTTP Server 2.2.6 information disclosure
2650| [40027] David Castro Apache Authcas 0.4 sql injection
2651| [3495] Apache OpenOffice up to 2.3 Database Document Processor unknown vulnerability
2652| [3489] Apache HTTP Server 2.x HTTP Header cross site scripting
2653| [3414] Apache Tomcat WebDAV Stored privilege escalation
2654| [39489] Apache Jakarta Slide up to 2.1 directory traversal
2655| [39540] Apache Geronimo 2.0/2.0.1/2.0.2/2.1 unknown vulnerability
2656| [3310] Apache OpenOffice 1.1.3/2.0.4/2.2.1 TIFF Image Parser Heap-based memory corruption
2657| [38768] Apache HTTP Server up to 2.1.7 mod_autoindex.c cross site scripting
2658| [38952] Apache Geronimo 2.0.1/2.1 unknown vulnerability
2659| [38658] Apache Tomcat 4.1.31 cal2.jsp cross site request forgery
2660| [38524] Apache Geronimo 2.0 unknown vulnerability
2661| [3256] Apache Tomcat up to 6.0.13 cross site scripting
2662| [38331] Apache Tomcat 4.1.24 information disclosure
2663| [38330] Apache Tomcat 4.1.24 information disclosure
2664| [38185] Apache Tomcat 3.3/3.3.1/3.3.1a/3.3.2 Error Message CookieExample cross site scripting
2665| [37967] Apache Tomcat up to 4.1.36 Error Message sendmail.jsp cross site scripting
2666| [37647] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 Authorization unknown vulnerability
2667| [37646] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 unknown vulnerability
2668| [3141] Apache Tomcat up to 4.1.31 Accept-Language Header cross site scripting
2669| [3133] Apache Tomcat up to 6.0 HTTP cross site scripting
2670| [37292] Apache Tomcat up to 5.5.1 cross site scripting
2671| [3130] Apache OpenOffice 2.2.1 RTF Document Heap-based memory corruption
2672| [36981] Apache Tomcat JK Web Server Connector up to 1.2.22 mod_jk directory traversal
2673| [36892] Apache Tomcat up to 4.0.0 hello.jsp cross site scripting
2674| [37320] Apache MyFaces Tomahawk up to 1.1.4 cross site scripting
2675| [36697] Apache Tomcat up to 5.5.17 implicit-objects.jsp cross site scripting
2676| [36491] Apache Axis 1.0 Installation javaioFileNotFoundException information disclosure
2677| [36400] Apache Tomcat 5.5.15 mod_jk cross site scripting
2678| [36698] Apache Tomcat up to 4.0.0 cal2.jsp cross site scripting
2679| [36224] XAMPP Apache Distribution up to 1.6.0a adodb.php connect memory corruption
2680| [36225] XAMPP Apache Distribution 1.6.0a sql injection
2681| [2997] Apache httpd/Tomcat 5.5/6.0 directory traversal
2682| [35896] Apache Apache Test up to 1.29 mod_perl denial of service
2683| [35653] Avaya S8300 Cm 3.1.2 Apache Tomcat unknown vulnerability
2684| [35402] Apache Tomcat JK Web Server Connector 1.2.19 mod_jk.so map_uri_to_worker memory corruption
2685| [35067] Apache Stats up to 0.0.2 extract unknown vulnerability
2686| [35025] Apache Stats up to 0.0.3 extract unknown vulnerability
2687| [34252] Apache HTTP Server denial of service
2688| [2795] Apache OpenOffice 2.0.4 WMF/EMF File Heap-based memory corruption
2689| [33877] Apache Opentaps 0.9.3 cross site scripting
2690| [33876] Apache Open For Business Project unknown vulnerability
2691| [33875] Apache Open For Business Project cross site scripting
2692| [2703] Apache Jakarta Tomcat up to 5.x der_get_oid memory corruption
2693| [2611] Apache HTTP Server up to 1.0.1 set_var Format String
2694|
2695| MITRE CVE - https://cve.mitre.org:
2696| [CVE-2013-4156] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted element in an OOXML document file.
2697| [CVE-2013-4131] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds read) via a certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision root.
2698| [CVE-2013-3239] phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTTP Server, as demonstrated by a .php.sql filename.
2699| [CVE-2013-3060] The web console in Apache ActiveMQ before 5.8.0 does not require authentication, which allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests.
2700| [CVE-2013-2765] The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted Content-Type header.
2701| [CVE-2013-2251] Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.
2702| [CVE-2013-2249] mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors.
2703| [CVE-2013-2248] Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter using the (1) redirect: or (2) redirectAction: prefix.
2704| [CVE-2013-2189] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via invalid PLCF data in a DOC document file.
2705| [CVE-2013-2135] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted value that contains both "${}" and "%{}" sequences, which causes the OGNL code to be evaluated twice.
2706| [CVE-2013-2134] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135.
2707| [CVE-2013-2115] Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. NOTE: this issue is due to an incomplete fix for CVE-2013-1966.
| [CVE-2013-2071] java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes.
| [CVE-2013-2067] java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack.
| [CVE-2013-1966] Apache Struts 2 before 2.3.14.1 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag.
| [CVE-2013-1965] Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.1, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect.
| [CVE-2013-1896] mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.
| [CVE-2013-1884] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (segmentation fault and crash) via a log REPORT request with an invalid limit, which triggers an access of an uninitialized variable.
| [CVE-2013-1879] Cross-site scripting (XSS) vulnerability in scheduled.jsp in Apache ActiveMQ 5.8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving the "cron of a message."
| [CVE-2013-1862] mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.
| [CVE-2013-1849] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a PROPFIND request for an activity URL.
| [CVE-2013-1847] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an anonymous LOCK for a URL that does not exist.
| [CVE-2013-1846] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL.
| [CVE-2013-1845] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting or (2) deleting a large number of properties for a file or directory.
| [CVE-2013-1814] The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain sensitive information about all user accounts via the offset parameter, as demonstrated by discovering password hashes in the password field of a response.
| [CVE-2013-1777] The JMX Remoting functionality in Apache Geronimo 3.x before 3.0.1, as used in IBM WebSphere Application Server (WAS) Community Edition 3.0.0.3 and other products, does not property implement the RMI classloader, which allows remote attackers to execute arbitrary code by using the JMX connector to send a crafted serialized object.
| [CVE-2013-1768] The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and 2.x before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute arbitrary code by creating a serialized object and leveraging improperly secured server programs.
| [CVE-2013-1088] Cross-site request forgery (CSRF) vulnerability in Novell iManager 2.7 before SP6 Patch 1 allows remote attackers to hijack the authentication of arbitrary users by leveraging improper request validation by iManager code deployed within an Apache Tomcat container.
| [CVE-2013-1048] The Debian apache2ctl script in the apache2 package squeeze before 2.2.16-6+squeeze11, wheezy before 2.2.22-13, and sid before 2.2.22-13 for the Apache HTTP Server on Debian GNU/Linux does not properly create the /var/lock/apache2 lock directory, which allows local users to gain privileges via an unspecified symlink attack.
| [CVE-2013-0966] The Apple mod_hfs_apple module for the Apache HTTP Server in Apple Mac OS X before 10.8.3 does not properly handle ignorable Unicode characters, which allows remote attackers to bypass intended directory authentication requirements via a crafted pathname in a URI.
| [CVE-2013-0942] Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Agent 7.1 before 7.1.1 for Web for Internet Information Services, and 7.1 before 7.1.1 for Web for Apache, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2013-0941] EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Windows use an improper encryption algorithm and a weak key for maintaining the stored data of the node secret for the SecurID Authentication API, which allows local users to obtain sensitive information via cryptographic attacks on this data.
| [CVE-2013-0253] The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.
| [CVE-2013-0248] The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack.
| [CVE-2013-0239] Apache CXF before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3, when the plaintext UsernameToken WS-SecurityPolicy is enabled, allows remote attackers to bypass authentication via a security header of a SOAP request containing a UsernameToken element that lacks a password child element.
| [CVE-2012-6573] Cross-site scripting (XSS) vulnerability in the Apache Solr Autocomplete module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving autocomplete results.
| [CVE-2012-6551] The default configuration of Apache ActiveMQ before 5.8.0 enables a sample web application, which allows remote attackers to cause a denial of service (broker resource consumption) via HTTP requests.
| [CVE-2012-6092] Multiple cross-site scripting (XSS) vulnerabilities in the web demos in Apache ActiveMQ before 5.8.0 allow remote attackers to inject arbitrary web script or HTML via (1) the refresh parameter to PortfolioPublishServlet.java (aka demo/portfolioPublish or Market Data Publisher), or vectors involving (2) debug logs or (3) subscribe messages in webapp/websocket/chat.js. NOTE: AMQ-4124 is covered by CVE-2012-6551.
| [CVE-2012-5887] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.
| [CVE-2012-5886] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID.
| [CVE-2012-5885] The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184.
| [CVE-2012-5786] The wsdl_first_https sample code in distribution/src/main/release/samples/wsdl_first_https/src/main/ in Apache CXF, possibly 2.6.0, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
| [CVE-2012-5785] Apache Axis2/Java 1.6.2 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
| [CVE-2012-5784] Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
| [CVE-2012-5783] Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
| [CVE-2012-5633] The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request.
| [CVE-2012-5616] Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain (1) the SSH private key as recorded by the createSSHKeyPair API, (2) the password of an added host as recorded by the AddHost API, or the password of an added VM as recorded by the (3) DeployVM or (4) ResetPasswordForVM API.
| [CVE-2012-5568] Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.
| [CVE-2012-5351] Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability than CVE-2012-4418.
| [CVE-2012-4558] Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string.
| [CVE-2012-4557] The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to cause a denial of service (worker consumption) via an expensive request.
| [CVE-2012-4556] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 allows remote attackers to cause a denial of service (Apache httpd web server child process restart) via certain unspecified empty search fields in a user certificate search query.
| [CVE-2012-4555] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 does not properly handle interruptions of token format operations, which allows remote attackers to cause a denial of service (NULL pointer dereference and Apache httpd web server child process crash) via unspecified vectors.
| [CVE-2012-4534] org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response.
| [CVE-2012-4528] The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data.
| [CVE-2012-4501] Citrix Cloud.com CloudStack, and Apache CloudStack pre-release, allows remote attackers to make arbitrary API calls by leveraging the system user account, as demonstrated by API calls to delete VMs.
| [CVE-2012-4460] The serializing/deserializing functions in the qpid::framing::Buffer class in Apache Qpid 0.20 and earlier allow remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors. NOTE: this issue could also trigger an out-of-bounds read, but it might not trigger a crash.
| [CVE-2012-4459] Integer overflow in the qpid::framing::Buffer::checkAvailable function in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (crash) via a crafted message, which triggers an out-of-bounds read.
| [CVE-2012-4458] The AMQP type decoder in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (memory consumption and server crash) via a large number of zero width elements in the client-properties map in a connection.start-ok message.
| [CVE-2012-4446] The default configuration for Apache Qpid 0.20 and earlier, when the federation_tag attribute is enabled, accepts AMQP connections without checking the source user ID, which allows remote attackers to bypass authentication and have other unspecified impact via an AMQP request.
| [CVE-2012-4431] org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier.
| [CVE-2012-4418] Apache Axis2 allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."
| [CVE-2012-4387] Apache Struts 2.0.0 through 2.3.4 allows remote attackers to cause a denial of service (CPU consumption) via a long parameter name, which is processed as an OGNL expression.
| [CVE-2012-4386] The token check mechanism in Apache Struts 2.0.0 through 2.3.4 does not properly validate the token name configuration parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks by setting the token name configuration parameter to a session attribute.
| [CVE-2012-4360] Cross-site scripting (XSS) vulnerability in the mod_pagespeed module 0.10.19.1 through 0.10.22.4 for the Apache HTTP Server allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2012-4063] The Apache Santuario configuration in Eucalyptus before 3.1.1 does not properly restrict applying XML Signature transforms to documents, which allows remote attackers to cause a denial of service via unspecified vectors.
| [CVE-2012-4001] The mod_pagespeed module before 0.10.22.6 for the Apache HTTP Server does not properly verify its host name, which allows remote attackers to trigger HTTP requests to arbitrary hosts via unspecified vectors, as demonstrated by requests to intranet servers.
| [CVE-2012-3908] Multiple cross-site request forgery (CSRF) vulnerabilities in the ISE Administrator user interface (aka the Apache Tomcat interface) on Cisco Identity Services Engine (ISE) 3300 series appliances before 1.1.0.665 Cumulative Patch 1 allow remote attackers to hijack the authentication of administrators, aka Bug ID CSCty46684.
| [CVE-2012-3546] org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.
| [CVE-2012-3544] Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.
| [CVE-2012-3526] The reverse proxy add forward module (mod_rpaf) 0.5 and 0.6 for the Apache HTTP Server allows remote attackers to cause a denial of service (server or application crash) via multiple X-Forwarded-For headers in a request.
| [CVE-2012-3513] munin-cgi-graph in Munin before 2.0.6, when running as a CGI module under Apache, allows remote attackers to load new configurations and create files in arbitrary directories via the logdir command.
| [CVE-2012-3506] Unspecified vulnerability in the Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.03 has unknown impact and attack vectors.
| [CVE-2012-3502] The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp module and (2) mod_proxy_http.c in the mod_proxy_http module in the Apache HTTP Server 2.4.x before 2.4.3 does not properly determine the situations that require closing a back-end connection, which allows remote attackers to obtain sensitive information in opportunistic circumstances by reading a response that was intended for a different client.
| [CVE-2012-3499] Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules.
| [CVE-2012-3467] Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism to authenticate catch-up shadow connections to AMQP brokers, which allows remote attackers to bypass authentication.
| [CVE-2012-3451] Apache CXF before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to execute unintended web-service operations by sending a header with a SOAP Action String that is inconsistent with the message body.
| [CVE-2012-3446] Apache Libcloud before 0.11.1 uses an incorrect regular expression during verification of whether the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate.
| [CVE-2012-3376] DataNodes in Apache Hadoop 2.0.0 alpha does not check the BlockTokens of clients when Kerberos is enabled and the DataNode has checked out the same BlockPool twice from a NodeName, which might allow remote clients to read arbitrary blocks, write to blocks to which they only have read access, and have other unspecified impacts.
| [CVE-2012-3373] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.21 and 1.5.x before 1.5.8 allows remote attackers to inject arbitrary web script or HTML via vectors involving a %00 sequence in an Ajax link URL associated with a Wicket app.
| [CVE-2012-3126] Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Products Suite 3.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Apache Tomcat Agent.
| [CVE-2012-3123] Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect confidentiality, related to Apache HTTP Server.
| [CVE-2012-2760] mod_auth_openid before 0.7 for Apache uses world-readable permissions for /tmp/mod_auth_openid.db, which allows local users to obtain session ids.
| [CVE-2012-2733] java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data.
| [CVE-2012-2687] Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list.
| [CVE-2012-2381] Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the blogger role.
| [CVE-2012-2380] Multiple cross-site request forgery (CSRF) vulnerabilities in the admin/editor console in Apache Roller before 5.0.1 allow remote attackers to hijack the authentication of admins or editors by leveraging the HTTP POST functionality.
| [CVE-2012-2379] Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors.
| [CVE-2012-2378] Apache CXF 2.4.5 through 2.4.7, 2.5.1 through 2.5.3, and 2.6.x before 2.6.1, does not properly enforce child policies of a WS-SecurityPolicy 1.1 SupportingToken policy on the client side, which allows remote attackers to bypass the (1) AlgorithmSuite, (2) SignedParts, (3) SignedElements, (4) EncryptedParts, and (5) EncryptedElements policies.
| [CVE-2012-2329] Buffer overflow in the apache_request_headers function in sapi/cgi/cgi_main.c in PHP 5.4.x before 5.4.3 allows remote attackers to cause a denial of service (application crash) via a long string in the header of an HTTP request.
| [CVE-2012-2145] Apache Qpid 0.17 and earlier does not properly restrict incoming client connections, which allows remote attackers to cause a denial of service (file descriptor consumption) via a large number of incomplete connections.
| [CVE-2012-2138] The @CopyFrom operation in the POST servlet in the org.apache.sling.servlets.post bundle before 2.1.2 in Apache Sling does not prevent attempts to copy an ancestor node to a descendant node, which allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP request.
| [CVE-2012-2098] Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs.
| [CVE-2012-1574] The Kerberos/MapReduce security functionality in Apache Hadoop 0.20.203.0 through 0.20.205.0, 0.23.x before 0.23.2, and 1.0.x before 1.0.2, as used in Cloudera CDH CDH3u0 through CDH3u2, Cloudera hadoop-0.20-sbin before 0.20.2+923.197, and other products, allows remote authenticated users to impersonate arbitrary cluster user accounts via unspecified vectors.
| [CVE-2012-1181] fcgid_spawn_ctl.c in the mod_fcgid module 2.3.6 for the Apache HTTP Server does not recognize the FcgidMaxProcessesPerClass directive for a virtual host, which makes it easier for remote attackers to cause a denial of service (memory consumption) via a series of HTTP requests that triggers a process count higher than the intended limit.
| [CVE-2012-1089] Directory traversal vulnerability in Apache Wicket 1.4.x before 1.4.20 and 1.5.x before 1.5.5 allows remote attackers to read arbitrary web-application files via a relative pathname in a URL for a Wicket resource that corresponds to a null package.
| [CVE-2012-1007] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 1.3.10 allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter to struts-examples/upload/upload-submit.do, or the message parameter to (2) struts-cookbook/processSimple.do or (3) struts-cookbook/processDyna.do.
| [CVE-2012-1006] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.14 and 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) lastName parameter to struts2-showcase/person/editPerson.action, or the (3) clientName parameter to struts2-rest-showcase/orders.
| [CVE-2012-0883] envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.
| [CVE-2012-0840] tables/apr_hash.c in the Apache Portable Runtime (APR) library through 1.4.5 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
| [CVE-2012-0838] Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows remote attackers to modify run-time data values, and consequently execute arbitrary code, via invalid input to a field.
| [CVE-2012-0788] The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server.
| [CVE-2012-0394] ** DISPUTED ** The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself."
| [CVE-2012-0393] The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted parameter that triggers the creation of a Java object.
| [CVE-2012-0392] The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method.
| [CVE-2012-0391] The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter.
| [CVE-2012-0256] Apache Traffic Server 2.0.x and 3.0.x before 3.0.4 and 3.1.x before 3.1.3 does not properly allocate heap memory, which allows remote attackers to cause a denial of service (daemon crash) via a long HTTP Host header.
| [CVE-2012-0216] The default configuration of the apache2 package in Debian GNU/Linux squeeze before 2.2.16-6+squeeze7, wheezy before 2.2.22-4, and sid before 2.2.22-4, when mod_php or mod_rivet is used, provides example scripts under the doc/ URI, which might allow local users to conduct cross-site scripting (XSS) attacks, gain privileges, or obtain sensitive information via vectors involving localhost HTTP requests to the Apache HTTP Server.
| [CVE-2012-0213] The UnhandledDataStructure function in hwpf/model/UnhandledDataStructure.java in Apache POI 3.8 and earlier allows remote attackers to cause a denial of service (OutOfMemoryError exception and possibly JVM destabilization) via a crafted length value in a Channel Definition Format (CDF) or Compound File Binary Format (CFBF) document.
| [CVE-2012-0053] protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.
| [CVE-2012-0047] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the wicket:pageMapName parameter.
| [CVE-2012-0031] scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function.
| [CVE-2012-0022] Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.
| [CVE-2012-0021] The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a name and a value.
| [CVE-2011-5064] DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184.
| [CVE-2011-5063] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184.
| [CVE-2011-5062] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability than CVE-2011-1184.
| [CVE-2011-5057] Apache Struts 2.3.1.1 and earlier provides interfaces that do not properly restrict access to collections such as the session and request collections, which might allow remote attackers to modify run-time data values via a crafted parameter to an application that implements an affected interface, as demonstrated by the SessionAware, RequestAware, ApplicationAware, ServletRequestAware, ServletResponseAware, and ParameterAware interfaces. NOTE: the vendor disputes the significance of this report because of an "easy work-around in existing apps by configuring the interceptor."
| [CVE-2011-5034] Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. NOTE: this might overlap CVE-2011-4461.
| [CVE-2011-4905] Apache ActiveMQ before 5.6.0 allows remote attackers to cause a denial of service (file-descriptor exhaustion and broker crash or hang) by sending many openwire failover:tcp:// connection requests.
| [CVE-2011-4858] Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
| [CVE-2011-4668] IBM Tivoli Netcool/Reporter 2.2 before 2.2.0.8 allows remote attackers to execute arbitrary code via vectors related to an unspecified CGI program used with the Apache HTTP Server.
| [CVE-2011-4449] actions/files/files.php in WikkaWiki 1.3.1 and 1.3.2, when INTRANET_MODE is enabled, supports file uploads for file extensions that are typically absent from an Apache HTTP Server TypesConfig file, which makes it easier for remote attackers to execute arbitrary PHP code by placing this code in a file whose name has multiple extensions, as demonstrated by a (1) .mm or (2) .vpp file.
| [CVE-2011-4415] The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service (memory consumption or NULL pointer dereference) via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, related to (1) the "len +=" statement and (2) the apr_pcalloc function call, a different vulnerability than CVE-2011-3607.
| [CVE-2011-4317] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an @ (at sign) character and a : (colon) character in invalid positions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
| [CVE-2011-3639] The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers by using the HTTP/0.9 protocol with a malformed URI containing an initial @ (at sign) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
| [CVE-2011-3620] Apache Qpid 0.12 does not properly verify credentials during the joining of a cluster, which allows remote attackers to obtain access to the messaging functionality and job functionality of a cluster by leveraging knowledge of a cluster-username.
| [CVE-2011-3607] Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow.
| [CVE-2011-3376] org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to access the Manager application's functionality.
2825| [CVE-2011-3375] Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address and HTTP header information in opportunistic circumstances by reading TCP data.
2826| [CVE-2011-3368] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.
2827| [CVE-2011-3348] The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error state" in the backend server) via a malformed HTTP request.
2828| [CVE-2011-3192] The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.
2829| [CVE-2011-3190] Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.
2830| [CVE-2011-2729] native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.
2831| [CVE-2011-2712] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.18, when setAutomaticMultiWindowSupport is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
2832| [CVE-2011-2688] SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_external module 3.2.5 and earlier for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the user field.
2833| [CVE-2011-2526] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application.
2834| [CVE-2011-2516] Off-by-one error in the XML signature feature in Apache XML Security for C++ 1.6.0, as used in Shibboleth before 2.4.3 and possibly other products, allows remote attackers to cause a denial of service (crash) via a signature using a large RSA key, which triggers a buffer overflow.
2835| [CVE-2011-2481] Apache Tomcat 7.0.x before 7.0.17 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. NOTE: this vulnerability exists because of a CVE-2009-0783 regression.
2836| [CVE-2011-2329] The rampart_timestamp_token_validate function in util/rampart_timestamp_token.c in Apache Rampart/C 1.3.0 does not properly calculate the expiration of timestamp tokens, which allows remote attackers to bypass intended access restrictions by leveraging an expired token, a different vulnerability than CVE-2011-0730.
2837| [CVE-2011-2204] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file.
2838| [CVE-2011-2088] XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method, a different vulnerability than CVE-2011-1772.3.
2839| [CVE-2011-2087] Multiple cross-site scripting (XSS) vulnerabilities in component handlers in the javatemplates (aka Java Templates) plugin in Apache Struts 2.x before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via an arbitrary parameter value to a .action URI, related to improper handling of value attributes in (1) FileHandler.java, (2) HiddenHandler.java, (3) PasswordHandler.java, (4) RadioHandler.java, (5) ResetHandler.java, (6) SelectHandler.java, (7) SubmitHandler.java, and (8) TextFieldHandler.java.
2840| [CVE-2011-1928] The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infinite loop) via a URI that does not match unspecified types of wildcard patterns, as demonstrated by attacks against mod_autoindex in httpd when a /*/WEB-INF/ configuration pattern is used. NOTE: this issue exists because of an incorrect fix for CVE-2011-0419.
2841| [CVE-2011-1921] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to obtain sensitive information via a replay REPORT operation.
2842| [CVE-2011-1783] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data.
2843| [CVE-2011-1772] Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) an action name, (2) the action attribute of an s:submit element, or (3) the method attribute of an s:submit element.
2844| [CVE-2011-1752] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011.
2845| [CVE-2011-1610] Multiple SQL injection vulnerabilities in xmldirectorylist.jsp in the embedded Apache HTTP Server component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5)su4, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1)su1 allow remote attackers to execute arbitrary SQL commands via the (1) f, (2) l, or (3) n parameter, aka Bug ID CSCtj42064.
2846| [CVE-2011-1582] Apache Tomcat 7.0.12 and 7.0.13 processes the first request to a servlet without following security constraints that have been configured through annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088, CVE-2011-1183, and CVE-2011-1419.
2847| [CVE-2011-1571] Unspecified vulnerability in the XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote attackers to execute arbitrary commands via unknown vectors.
2848| [CVE-2011-1570] Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to inject arbitrary web script or HTML via a message title, a different vulnerability than CVE-2004-2030.
2849| [CVE-2011-1503] The XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat or Oracle GlassFish is used, allows remote authenticated users to read arbitrary (1) XSL and (2) XML files via a file:/// URL.
2850| [CVE-2011-1502] Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to read arbitrary files via an entity declaration in conjunction with an entity reference, related to an XML External Entity (aka XXE) issue.
2851| [CVE-2011-1498] Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header.
2852| [CVE-2011-1475] The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to "a mix-up of responses for requests from different users."
2853| [CVE-2011-1419] Apache Tomcat 7.x before 7.0.11, when web.xml has no security constraints, does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088.
2854| [CVE-2011-1318] Memory leak in org.apache.jasper.runtime.JspWriterImpl.response in the JavaServer Pages (JSP) component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) by accessing a JSP page of an application that is repeatedly stopped and restarted.
2855| [CVE-2011-1184] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values.
2856| [CVE-2011-1183] Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1088 and CVE-2011-1419.
2857| [CVE-2011-1176] The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileges by leveraging the root uid and root gid of an mpm-itk process.
2858| [CVE-2011-1088] Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application.
2859| [CVE-2011-1077] Multiple cross-site scripting (XSS) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
2860| [CVE-2011-1026] Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to hijack the authentication of administrators.
2861| [CVE-2011-0715] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request that contains a lock token.
2862| [CVE-2011-0534] Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request.
2863| [CVE-2011-0533] Cross-site scripting (XSS) vulnerability in Apache Continuum 1.1 through 1.2.3.1, 1.3.6, and 1.4.0 Beta
2864| [CVE-2011-0419] Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.
2865| [CVE-2011-0013] Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.
2866| [CVE-2010-4644] Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command.
2867| [CVE-2010-4539] The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger the walking of SVNParentPath collections.
2868| [CVE-2010-4476] The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
2869| [CVE-2010-4455] Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.2 and 11.1.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Apache Plugin.
2870| [CVE-2010-4408] Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1 does not require entry of the administrator's password at the time of modifying a user account, which makes it easier for context-dependent attackers to gain privileges by leveraging a (1) unattended workstation or (2) cross-site request forgery (CSRF) vulnerability, a related issue to CVE-2010-3449.
2871| [CVE-2010-4312] The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie.
2872| [CVE-2010-4172] Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3) sessionDetail.jsp or (4) java/org/apache/catalina/manager/JspHelper.java, related to use of untrusted web applications.
2873| [CVE-2010-3872] The fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.6 for the Apache HTTP Server does not use bytewise pointer arithmetic in certain circumstances, which has unspecified impact and attack vectors related to "untrusted FastCGI applications" and a "stack buffer overwrite."
2874| [CVE-2010-3863] Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not canonicalize URI paths before comparing them to entries in the shiro.ini file, which allows remote attackers to bypass intended access restrictions via a crafted request, as demonstrated by the /./account/index.jsp URI.
2875| [CVE-2010-3854] Multiple cross-site scripting (XSS) vulnerabilities in the web administration interface (aka Futon) in Apache CouchDB 0.8.0 through 1.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
2876| [CVE-2010-3718] Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.
2877| [CVE-2010-3449] Cross-site request forgery (CSRF) vulnerability in Redback before 1.2.4, as used in Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1
2878| [CVE-2010-3315] authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands.
2879| [CVE-2010-3083] sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat Enterprise MRG before 1.2.2 and other products, when SSL is enabled, allows remote attackers to cause a denial of service (daemon outage) by connecting to the SSL port but not participating in an SSL handshake.
2880| [CVE-2010-2952] Apache Traffic Server before 2.0.1, and 2.1.x before 2.1.2-unstable, does not properly choose DNS source ports and transaction IDs, and does not properly use DNS query fields to validate responses, which makes it easier for man-in-the-middle attackers to poison the internal DNS cache via a crafted response.
2881| [CVE-2010-2791] mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. NOTE: this is the same issue as CVE-2010-2068, but for a different OS and set of affected versions.
2882| [CVE-2010-2375] Package/Privilege: Plugins for Apache, Sun and IIS web servers Unspecified vulnerability in the WebLogic Server component in Oracle Fusion Middleware 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality and integrity, related to IIS.
2883| [CVE-2010-2234] Cross-site request forgery (CSRF) vulnerability in Apache CouchDB 0.8.0 through 0.11.0 allows remote attackers to hijack the authentication of administrators for direct requests to an installation URL.
2884| [CVE-2010-2227] Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with "recycling of a buffer."
2885| [CVE-2010-2103] Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the modules parameter. NOTE: some of these details are obtained from third party information.
2886| [CVE-2010-2086] Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object.
2887| [CVE-2010-2076] Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Chemistry, Apache jUDDI, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to samples/wsdl_first_pure_xml, a similar issue to CVE-2010-1632.
2888| [CVE-2010-2068] mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request.
2889| [CVE-2010-2057] shared/util/StateUtils.java in Apache MyFaces 1.1.x before 1.1.8, 1.2.x before 1.2.9, and 2.0.x before 2.0.1 uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack.
2890| [CVE-2010-1632] Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to the Synapse SimpleStockQuoteService.
2891| [CVE-2010-1623] Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket.
2892| [CVE-2010-1587] The Jetty ResourceHandler in Apache ActiveMQ 5.x before 5.3.2 and 5.4.x before 5.4.0 allows remote attackers to read JSP source code via a // (slash slash) initial substring in a URI for (1) admin/index.jsp, (2) admin/queues.jsp, or (3) admin/topics.jsp.
2893| [CVE-2010-1452] The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path.
2894| [CVE-2010-1325] Cross-site request forgery (CSRF) vulnerability in the apache2-slms package in SUSE Lifecycle Management Server (SLMS) 1.0 on SUSE Linux Enterprise (SLE) 11 allows remote attackers to hijack the authentication of unspecified victims via vectors related to improper parameter quoting. NOTE: some sources report that this is a vulnerability in a product named "Apache SLMS," but that is incorrect.
2895| [CVE-2010-1244] Cross-site request forgery (CSRF) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote attackers to hijack the authentication of unspecified victims for requests that create queues via the JMSDestination parameter in a queue action.
2896| [CVE-2010-1157] Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply.
2897| [CVE-2010-1151] Race condition in the mod_auth_shadow module for the Apache HTTP Server allows remote attackers to bypass authentication, and read and possibly modify data, via vectors related to improper interaction with an external helper application for validation of credentials.
2898| [CVE-2010-0684] Cross-site scripting (XSS) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote authenticated users to inject arbitrary web script or HTML via the JMSDestination parameter in a queue action.
2899| [CVE-2010-0434] The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request.
2900| [CVE-2010-0432] Multiple cross-site scripting (XSS) vulnerabilities in the Apache Open For Business Project (aka OFBiz) 09.04 and earlier, as used in Opentaps, Neogia, and Entente Oya, allow remote attackers to inject arbitrary web script or HTML via (1) the productStoreId parameter to control/exportProductListing, (2) the partyId parameter to partymgr/control/viewprofile (aka partymgr/control/login), (3) the start parameter to myportal/control/showPortalPage, (4) an invalid URI beginning with /facility/control/ReceiveReturn (aka /crmsfa/control/ReceiveReturn or /cms/control/ReceiveReturn), (5) the contentId parameter (aka the entityName variable) to ecommerce/control/ViewBlogArticle, (6) the entityName parameter to webtools/control/FindGeneric, or the (7) subject or (8) content parameter to an unspecified component under ecommerce/control/contactus.
2901| [CVE-2010-0425] modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and "orphaned callback pointers."
2902| [CVE-2010-0408] The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code.
2903| [CVE-2010-0390] Unrestricted file upload vulnerability in maxImageUpload/index.php in PHP F1 Max's Image Uploader 1.0, when Apache is not configured to handle the mime-type for files with pjpeg or jpeg extensions, allows remote attackers to execute arbitrary code by uploading a file with a pjpeg or jpeg extension, then accessing it via a direct request to the file in original/. NOTE: some of these details are obtained from third party information.
2904| [CVE-2010-0219] Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service.
2905| [CVE-2010-0010] Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util.c in mod_proxy in the Apache HTTP Server before 1.3.42 on 64-bit platforms allows remote origin servers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a large chunk size that triggers a heap-based buffer overflow.
| [CVE-2010-0009] Apache CouchDB 0.8.0 through 0.10.1 allows remote attackers to obtain sensitive information by measuring the completion time of operations that verify (1) hashes or (2) passwords.
| [CVE-2009-5120] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 allows connections to TCP port 1812 from arbitrary source IP addresses, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via UTF-7 text to the 404 error page of a Project Woodstock service on this port.
| [CVE-2009-5119] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 enables weak SSL ciphers in conf/server.xml, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and then conducting a brute-force attack against encrypted session data.
| [CVE-2009-5006] The SessionAdapter::ExchangeHandlerImpl::checkAlternate function in broker/SessionAdapter.cpp in the C++ Broker component in Apache Qpid before 0.6, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote authenticated users to cause a denial of service (NULL pointer dereference, daemon crash, and cluster outage) by attempting to modify the alternate of an exchange.
| [CVE-2009-5005] The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache Qpid, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote attackers to cause a denial of service (daemon crash and cluster outage) via invalid AMQP data.
| [CVE-2009-4355] Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678.
| [CVE-2009-4269] The password hash generation algorithm in the BUILTIN authentication functionality for Apache Derby before 10.6.1.0 performs a transformation that reduces the size of the set of inputs to SHA-1, which produces a small search space that makes it easier for local and possibly remote attackers to crack passwords by generating hash collisions, related to password substitution.
| [CVE-2009-3923] The VirtualBox 2.0.8 and 2.0.10 web service in Sun Virtual Desktop Infrastructure (VDI) 3.0 does not require authentication, which allows remote attackers to obtain unspecified access via vectors involving requests to an Apache HTTP Server.
| [CVE-2009-3890] Unrestricted file upload vulnerability in the wp_check_filetype function in wp-includes/functions.php in WordPress before 2.8.6, when a certain configuration of the mod_mime module in the Apache HTTP Server is enabled, allows remote authenticated users to execute arbitrary code by posting an attachment with a multiple-extension filename, and then accessing this attachment via a direct request to a wp-content/uploads/ pathname, as demonstrated by a .php.jpg filename.
| [CVE-2009-3843] HP Operations Manager 8.10 on Windows contains a "hidden account" in the XML file that specifies Tomcat users, which allows remote attackers to conduct unrestricted file upload attacks, and thereby execute arbitrary code, by using the org.apache.catalina.manager.HTMLManagerServlet class to make requests to manager/html/upload.
| [CVE-2009-3821] Cross-site scripting (XSS) vulnerability in the Apache Solr Search (solr) extension 1.0.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2009-3555] The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
| [CVE-2009-3548] The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.
| [CVE-2009-3250] The saveForwardAttachments procedure in the Compose Mail functionality in vtiger CRM 5.0.4 allows remote authenticated users to execute arbitrary code by composing an e-mail message with an attachment filename ending in (1) .php in installations based on certain Apache HTTP Server configurations, (2) .php. on Windows, or (3) .php/ on Linux, and then making a direct request to a certain pathname under storage/.
| [CVE-2009-3095] The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.
| [CVE-2009-3094] The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.
| [CVE-2009-2902] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.
| [CVE-2009-2901] The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests.
| [CVE-2009-2823] The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the HTTP TRACE method, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified web client software.
| [CVE-2009-2699] The Solaris pollset feature in the Event Port backend in poll/unix/port.c in the Apache Portable Runtime (APR) library before 1.3.9, as used in the Apache HTTP Server before 2.2.14 and other products, does not properly handle errors, which allows remote attackers to cause a denial of service (daemon hang) via unspecified HTTP requests, related to the prefork and event MPMs.
| [CVE-2009-2696] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Linux Desktop 5 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML." NOTE: this is due to a missing fix for CVE-2009-0781.
| [CVE-2009-2693] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry.
| [CVE-2009-2625] XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.
| [CVE-2009-2412] Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR
| [CVE-2009-2299] The Artofdefence Hyperguard Web Application Firewall (WAF) module before 2.5.5-11635, 3.0 before 3.0.3-11636, and 3.1 before 3.1.1-11637, a module for the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via an HTTP request with a large Content-Length value but no POST data.
| [CVE-2009-1956] Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.
| [CVE-2009-1955] The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.
| [CVE-2009-1903] The PDF XSS protection feature in ModSecurity before 2.5.8 allows remote attackers to cause a denial of service (Apache httpd crash) via a request for a PDF file that does not use the GET method.
| [CVE-2009-1891] The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).
| [CVE-2009-1890] The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests.
| [CVE-2009-1885] Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service (application crash) via vectors involving nested parentheses and invalid byte values in "simply nested DTD structures," as demonstrated by the Codenomicon XML fuzzing framework.
| [CVE-2009-1462] The Security Manager in razorCMS before 0.4 does not verify the permissions of every file owned by the apache user account, which is inconsistent with the documentation and allows local users to have an unspecified impact.
| [CVE-2009-1275] Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other products, evaluates Expression Language (EL) expressions twice in certain circumstances, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via unspecified vectors, related to the (1) tiles:putAttribute and (2) tiles:insertTemplate JSP tags.
| [CVE-2009-1195] The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file.
| [CVE-2009-1191] mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request.
| [CVE-2009-1012] Unspecified vulnerability in the plug-ins for Apache and IIS web servers in Oracle BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP3, 10.0 Gold through MP1, and 10.3 allows remote attackers to affect confidentiality, integrity, and availability. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in an unspecified plug-in that parses HTTP requests, which leads to a heap-based buffer overflow.
| [CVE-2009-0918] Multiple unspecified vulnerabilities in DFLabs PTK 1.0.0 through 1.0.4 allow remote attackers to execute arbitrary commands in processes launched by PTK's Apache HTTP Server via (1) "external tools" or (2) a crafted forensic image.
| [CVE-2009-0796] Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI.
| [CVE-2009-0783] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.
| [CVE-2009-0781] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML."
| [CVE-2009-0754] PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server.
| [CVE-2009-0580] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.
| [CVE-2009-0486] Bugzilla 3.2.1, 3.0.7, and 3.3.2, when running under mod_perl, calls the srand function at startup time, which causes Apache children to have the same seed and produce insufficiently random numbers for random tokens, which allows remote attackers to bypass cross-site request forgery (CSRF) protection mechanisms and conduct unauthorized activities as other users.
| [CVE-2009-0039] Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to hijack the authentication of administrators for requests that (1) change the web administration password, (2) upload applications, and perform unspecified other administrative actions, as demonstrated by (3) a Shutdown request to console/portal//Server/Shutdown.
| [CVE-2009-0038] Multiple cross-site scripting (XSS) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) ip, (3) username, or (4) description parameter to console/portal/Server/Monitoring
| [CVE-2009-0033] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.
| [CVE-2009-0026] Multiple cross-site scripting (XSS) vulnerabilities in Apache Jackrabbit before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the q parameter to (1) search.jsp or (2) swr.jsp.
| [CVE-2009-0023] The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.
| [CVE-2008-6879] Cross-site scripting (XSS) vulnerability in Apache Roller 2.3, 3.0, 3.1, and 4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search action.
| [CVE-2008-6755] ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to the apache user account, and sets the permissions to 0600, which makes it easier for remote attackers to modify this file by accessing it through a (1) PHP or (2) CGI script.
| [CVE-2008-6722] Novell Access Manager 3 SP4 does not properly expire X.509 certificate sessions, which allows physically proximate attackers to obtain a logged-in session by using a victim's web-browser process that continues to send the original and valid SSL sessionID, related to inability of Apache Tomcat to clear entries from its SSL cache.
| [CVE-2008-6682] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.x before 2.0.11.1 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via vectors associated with improper handling of (1) " (double quote) characters in the href attribute of an s:a tag and (2) parameters in the action attribute of an s:url tag.
| [CVE-2008-6505] Multiple directory traversal vulnerabilities in Apache Struts 2.0.x before 2.0.12 and 2.1.x before 2.1.3 allow remote attackers to read arbitrary files via a ..%252f (encoded dot dot slash) in a URI with a /struts/ path, related to (1) FilterDispatcher in 2.0.x and (2) DefaultStaticContentLoader in 2.1.x.
| [CVE-2008-6504] ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict # (pound sign) references to context objects, which allows remote attackers to execute Object-Graph Navigation Language (OGNL) statements and modify server-side context objects, as demonstrated by use of a \u0023 representation for the # character.
| [CVE-2008-5696] Novell NetWare 6.5 before Support Pack 8, when an OES2 Linux server is installed into the NDS tree, does not require a password for the ApacheAdmin console, which allows remote attackers to reconfigure the Apache HTTP Server via console operations.
| [CVE-2008-5676] Multiple unspecified vulnerabilities in the ModSecurity (aka mod_security) module 2.5.0 through 2.5.5 for the Apache HTTP Server, when SecCacheTransformations is enabled, allow remote attackers to cause a denial of service (daemon crash) or bypass the product's functionality via unknown vectors related to "transformation caching."
| [CVE-2008-5519] The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that included a Content-Length header but no POST data or (2) a rapid series of requests, related to noncompliance with the AJP protocol's requirements for requests containing Content-Length headers.
| [CVE-2008-5518] Multiple directory traversal vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 on Windows allow remote attackers to upload files to arbitrary directories via directory traversal sequences in the (1) group, (2) artifact, (3) version, or (4) fileType parameter to console/portal//Services/Repository (aka the Services/Repository portlet)
| [CVE-2008-5515] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.
| [CVE-2008-5457] Unspecified vulnerability in the Oracle BEA WebLogic Server Plugins for Apache, Sun and IIS web servers component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
| [CVE-2008-4308] The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request.
| [CVE-2008-4008] Unspecified vulnerability in the WebLogic Server Plugins for Apache component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2008 CPU. Oracle has not commented on reliable researcher claims that this issue is a stack-based buffer overflow in the WebLogic Apache Connector, related to an invalid parameter.
| [CVE-2008-3666] Unspecified vulnerability in Sun Solaris 10 and OpenSolaris before snv_96 allows (1) context-dependent attackers to cause a denial of service (panic) via vectors involving creation of a crafted file and use of the sendfilev system call, as demonstrated by a file served by an Apache 2.2.x web server with EnableSendFile configured
| [CVE-2008-3271] Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a "synchronization problem" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve.
| [CVE-2008-3257] Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request.
| [CVE-2008-2939] Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.
| [CVE-2008-2938] Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.
| [CVE-2008-2742] Unrestricted file upload in the mcpuk file editor (atk/attributes/fck/editor/filemanager/browser/mcpuk/connectors/php/config.php) in Achievo 1.2.0 through 1.3.2 allows remote attackers to execute arbitrary code by uploading a file with .php followed by a safe extension, then accessing it via a direct request to the file in the Achievo root directory. NOTE: this is only a vulnerability in environments that support multiple extensions, such as Apache with the mod_mime module enabled.
| [CVE-2008-2717] TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions.
| [CVE-2008-2579] Unspecified vulnerability in the WebLogic Server Plugins for Apache, Sun and IIS web servers component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 has unknown impact and remote attack vectors.
| [CVE-2008-2384] SQL injection vulnerability in mod_auth_mysql.c in the mod-auth-mysql (aka libapache2-mod-auth-mysql) module for the Apache HTTP Server 2.x, when configured to use a multibyte character set that allows a \ (backslash) as part of the character encoding, allows remote attackers to execute arbitrary SQL commands via unspecified inputs in a login request.
| [CVE-2008-2370] Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.
| [CVE-2008-2364] The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.
| [CVE-2008-2168] Cross-site scripting (XSS) vulnerability in Apache 2.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded URLs that are not properly handled when displaying the 403 Forbidden error page.
| [CVE-2008-2025] Cross-site scripting (XSS) vulnerability in Apache Struts before 1.2.9-162.31.1 on SUSE Linux Enterprise (SLE) 11, before 1.2.9-108.2 on SUSE openSUSE 10.3, before 1.2.9-198.2 on SUSE openSUSE 11.0, and before 1.2.9-162.163.2 on SUSE openSUSE 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "insufficient quoting of parameters."
| [CVE-2008-1947] Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.
| [CVE-2008-1734] Interpretation conflict in PHP Toolkit before 1.0.1 on Gentoo Linux might allow local users to cause a denial of service (PHP outage) and read contents of PHP scripts by creating a file with a one-letter lowercase alphabetic name, which triggers interpretation of a certain unquoted [a-z] argument as a matching shell glob for this name, rather than interpretation as the literal [a-z] regular-expression string, and consequently blocks the launch of the PHP interpreter within the Apache HTTP Server.
| [CVE-2008-1678] Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm.
| [CVE-2008-1232] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.
| [CVE-2008-0869] Cross-site scripting (XSS) vulnerability in BEA WebLogic Workshop 8.1 through SP6 and Workshop for WebLogic 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via a "framework defined request parameter" when using WebLogic Workshop or Apache Beehive NetUI framework with page flows.
| [CVE-2008-0732] The init script for Apache Geronimo on SUSE Linux follows symlinks when performing a chown operation, which might allow local users to obtain access to unspecified files or directories.
| [CVE-2008-0555] The ExpandCert function in Apache-SSL before apache_1.3.41+ssl_1.59 does not properly handle (1) '/' and (2) '=' characters in a Distinguished Name (DN) in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers overwriting of environment variables.
| [CVE-2008-0457] Unrestricted file upload vulnerability in the FileUpload class running on the Symantec LiveState Apache Tomcat server, as used by Symantec Backup Exec System Recovery Manager 7.0 and 7.0.1, allows remote attackers to upload and execute arbitrary JSP files via unknown vectors.
| [CVE-2008-0456] CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by uploading a file with a multi-line name containing HTTP header sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
| [CVE-2008-0455] Cross-site scripting (XSS) vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary web script or HTML by uploading a file with a name containing XSS sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
| [CVE-2008-0128] The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
| [CVE-2008-0005] mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.
| [CVE-2008-0002] Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context of the wrong request when an exception occurs during parameter processing, which might allow remote attackers to obtain sensitive information, as demonstrated by disconnecting during this processing in order to trigger the exception.
| [CVE-2007-6750] The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtimeout module in versions before 2.2.15.
| [CVE-2007-6726] Multiple cross-site scripting (XSS) vulnerabilities in Dojo 0.4.1 and 0.4.2, as used in Apache Struts and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) xip_client.html and (2) xip_server.html in src/io/.
| [CVE-2007-6514] Apache HTTP Server, when running on Linux with a document root on a Windows share mounted using smbfs, allows remote attackers to obtain unprocessed content such as source files for .php programs via a trailing "\" (backslash), which is not handled by the intended AddType directive.
| [CVE-2007-6423] ** DISPUTED ** Unspecified vulnerability in mod_proxy_balancer for Apache HTTP Server 2.2.x before 2.2.7-dev, when running on Windows, allows remote attackers to trigger memory corruption via a long URL. NOTE: the vendor could not reproduce this issue.
| [CVE-2007-6422] The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service (child process crash) via an invalid bb variable.
| [CVE-2007-6421] Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL.
| [CVE-2007-6420] Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors.
| [CVE-2007-6388] Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2007-6361] Gekko 0.8.2 and earlier stores sensitive information under the web root with possibly insufficient access control, which might allow remote attackers to read certain files under temp/, as demonstrated by a log file that records the titles of blog entries. NOTE: access to temp/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
| [CVE-2007-6342] SQL injection vulnerability in the David Castro AuthCAS module (AuthCAS.pm) 0.4 for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the SESSION_COOKIE_NAME (session ID) in a cookie.
| [CVE-2007-6286] Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the native APR connector is used, does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of "a duplicate copy of one of the recent requests," as demonstrated by using netcat to send the empty request.
| [CVE-2007-6258] Multiple stack-based buffer overflows in the legacy mod_jk2 2.0.3-DEV and earlier Apache module allow remote attackers to execute arbitrary code via a long (1) Host header, or (2) Hostname within a Host header.
| [CVE-2007-6231] Multiple PHP remote file inclusion vulnerabilities in tellmatic 1.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the tm_includepath parameter to (1) Classes.inc.php, (2) statistic.inc.php, (3) status.inc.php, (4) status_top_x.inc.php, or (5) libchart-1.1/libchart.php in include/. NOTE: access to include/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
| [CVE-2007-6203] Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918.
| [CVE-2007-5797] SQLLoginModule in Apache Geronimo 2.0 through 2.1 does not throw an exception for a nonexistent username, which allows remote attackers to bypass authentication via a login attempt with any username not contained in the database.
| [CVE-2007-5731] Absolute path traversal vulnerability in Apache Jakarta Slide 2.1 and earlier allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag, a related issue to CVE-2007-5461.
| [CVE-2007-5461] Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.
3011| [CVE-2007-5342] The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler.
3012| [CVE-2007-5333] Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.
3013| [CVE-2007-5156] Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and probably other products, allows remote attackers to upload and execute arbitrary PHP code via a file whose name contains ".php." and has an unknown extension, which is recognized as a .php file by the Apache HTTP server, a different vulnerability than CVE-2006-0658 and CVE-2006-2529.
3014| [CVE-2007-5085] Unspecified vulnerability in the management EJB (MEJB) in Apache Geronimo before 2.0.2 allows remote attackers to bypass authentication and obtain "access to Geronimo internals" via unspecified vectors.
3015| [CVE-2007-5000] Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
3016| [CVE-2007-4724] Cross-site request forgery (CSRF) vulnerability in cal2.jsp in the calendar examples application in Apache Tomcat 4.1.31 allows remote attackers to add events as arbitrary users via the time and description parameters.
3017| [CVE-2007-4723] Directory traversal vulnerability in Ragnarok Online Control Panel 4.3.4a, when the Apache HTTP Server is used, allows remote attackers to bypass authentication via directory traversal sequences in a URI that ends with the name of a publicly available page, as demonstrated by a "/...../" sequence and an account_manage.php/login.php final component for reaching the protected account_manage.php page.
3018| [CVE-2007-4641] Directory traversal vulnerability in index.php in Pakupaku CMS 0.4 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting code into an Apache log file.
3019| [CVE-2007-4556] Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service (infinite loop) or execute arbitrary code via form input beginning with a "%{" sequence and ending with a "}" character.
3020| [CVE-2007-4548] The login method in LoginModule implementations in Apache Geronimo 2.0 does not throw FailedLoginException for failed logins, which allows remote attackers to bypass authentication requirements, deploy arbitrary modules, and gain administrative access by sending a blank username and password with the command line deployer in the deployment module.
3021| [CVE-2007-4465] Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.
3022| [CVE-2007-3847] The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.
3023| [CVE-2007-3571] The Apache Web Server as used in Novell NetWare 6.5 and GroupWise allows remote attackers to obtain sensitive information via a certain directive to Apache that causes the HTTP-Header response to be modified, which may reveal the server's internal IP address.
3024| [CVE-2007-3386] Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action.
3025| [CVE-2007-3385] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.
3026| [CVE-2007-3384] Multiple cross-site scripting (XSS) vulnerabilities in examples/servlet/CookieExample in Apache Tomcat 3.3 through 3.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Value field, related to error messages.
3027| [CVE-2007-3383] Cross-site scripting (XSS) vulnerability in SendMailServlet in the examples web application (examples/jsp/mail/sendmail.jsp) in Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.36 allows remote attackers to inject arbitrary web script or HTML via the From field and possibly other fields, related to generation of error messages.
3028| [CVE-2007-3382] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.
3029| [CVE-2007-3304] Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer."
3030| [CVE-2007-3303] Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows local users to cause a denial of service via certain code sequences executed in a worker process that (1) stop request processing by killing all worker processes and preventing creation of replacements or (2) hang the system by forcing the master process to fork an arbitrarily large number of worker processes. NOTE: This might be an inherent design limitation of Apache with respect to worker processes in hosted environments.
3031| [CVE-2007-3101] Multiple cross-site scripting (XSS) vulnerabilities in certain JSF applications in Apache MyFaces Tomahawk before 1.1.6 allow remote attackers to inject arbitrary web script via the autoscroll parameter, which is injected into Javascript that is sent to the client.
3032| [CVE-2007-2450] Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors.
3033| [CVE-2007-2449] Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the '
3034| [CVE-2007-2353] Apache Axis 1.0 allows remote attackers to obtain sensitive information by requesting a non-existent WSDL file, which reveals the installation path in the resulting exception message.
3035| [CVE-2007-2025] Unrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.11p1 allows remote attackers to upload arbitrary PHP files with a double extension, as demonstrated by .php.3, which is interpreted by Apache as being a valid PHP file.
3036| [CVE-2007-1863] cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.
3037| [CVE-2007-1862] The recall_headers function in mod_mem_cache in Apache 2.2.4 does not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously used data, which could be used by remote attackers to obtain potentially sensitive information.
3038| [CVE-2007-1860] mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and directory traversal, a related issue to CVE-2007-0450.
3039| [CVE-2007-1858] The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts.
3040| [CVE-2007-1842] Directory traversal vulnerability in login.php in JSBoard before 2.0.12 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the table parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, a related issue to CVE-2006-2019.
3041| [CVE-2007-1801] Directory traversal vulnerability in inc/lang.php in sBLOG 0.7.3 Beta allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the conf_lang_default parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by inc/lang.php.
3042| [CVE-2007-1743] suexec in Apache HTTP Server (httpd) 2.2.3 does not verify combinations of user and group IDs on the command line, which might allow local users to leverage other vulnerabilities to create arbitrary UID/GID owned files if /proc is mounted. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root." In addition, because this is dependent on other vulnerabilities, perhaps this is resultant and should not be included in CVE.
3043| [CVE-2007-1742] suexec in Apache HTTP Server (httpd) 2.2.3 uses a partial comparison for verifying whether the current directory is within the document root, which might allow local users to perform unauthorized operations on incorrect directories, as demonstrated using "html_backup" and "htmleditor" under an "html" directory. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
3044| [CVE-2007-1741] Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 between directory and file validation, and their usage, allow local users to gain privileges and execute arbitrary code by renaming directories or performing symlink attacks. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
3045| [CVE-2007-1720] Directory traversal vulnerability in addressbook.php in the Addressbook 1.2 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module_name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file.
3046| [CVE-2007-1636] Directory traversal vulnerability in index.php in RoseOnlineCMS 3 B1 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the op parameter, as demonstrated by injecting PHP code into Apache log files via the URL and User-Agent HTTP header.
3047| [CVE-2007-1633] Directory traversal vulnerability in bbcode_ref.php in the Giorgio Ciranni Splatt Forum 4.0 RC1 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by bbcode_ref.php.
3048| [CVE-2007-1577] Directory traversal vulnerability in index.php in GeBlog 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[tplname] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
3049| [CVE-2007-1539] Directory traversal vulnerability in inc/map.func.php in pragmaMX Landkarten 2.1 module allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the module_name parameter, as demonstrated via a static PHP code injection attack in an Apache log file.
3050| [CVE-2007-1524] Directory traversal vulnerability in themes/default/ in ZomPlog 3.7.6 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) in the settings[skin] parameter, as demonstrated by injecting PHP code into an Apache HTTP Server log file, which can then be included via themes/default/.
3051| [CVE-2007-1491] Apache Tomcat in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allows connections from external interfaces via port 8009, which exposes it to attacks from outside parties.
3052| [CVE-2007-1358] Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".
3053| [CVE-2007-1349] PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.
3054| [CVE-2007-0975] Variable extraction vulnerability in Ian Bezanson Apache Stats before 0.0.3 beta allows attackers to overwrite critical variables, with unknown impact, when the extract function is used on the _REQUEST superglobal array.
3055| [CVE-2007-0930] Variable extract vulnerability in Apache Stats before 0.0.3beta allows attackers to modify arbitrary variables and conduct attacks via unknown vectors involving the use of PHP's extract function.
3056| [CVE-2007-0792] The mod_perl initialization script in Bugzilla 2.23.3 does not set the Bugzilla Apache configuration to allow .htaccess permissions to override file permissions, which allows remote attackers to obtain the database username and password via a direct request for the localconfig file.
3057| [CVE-2007-0774] Stack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c) in mod_jk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that triggers the overflow in a URI worker map routine.
3058| [CVE-2007-0637] Directory traversal vulnerability in zd_numer.php in Galeria Zdjec 3.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the galeria parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by zd_numer.php.
3059| [CVE-2007-0451] Apache SpamAssassin before 3.1.8 allows remote attackers to cause a denial of service via long URLs in malformed HTML, which triggers "massive memory usage."
3060| [CVE-2007-0450] Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.
3061| [CVE-2007-0419] The BEA WebLogic Server proxy plug-in before June 2006 for the Apache HTTP Server does not properly handle protocol errors, which allows remote attackers to cause a denial of service (server outage).
3062| [CVE-2007-0173] Directory traversal vulnerability in index.php in L2J Statistik Script 0.09 and earlier, when register_globals is enabled and magic_quotes is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
3063| [CVE-2007-0098] Directory traversal vulnerability in language.php in VerliAdmin 0.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
3064| [CVE-2007-0086] ** DISPUTED ** The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal.
3065| [CVE-2006-7217] Apache Derby before 10.2.1.6 does not determine schema privilege requirements during the DropSchemaNode bind phase, which allows remote authenticated users to execute arbitrary drop schema statements in SQL authorization mode.
3066| [CVE-2006-7216] Apache Derby before 10.2.1.6 does not determine privilege requirements for lock table statements at compilation time, and consequently does not enforce privilege requirements at execution time, which allows remote authenticated users to lock arbitrary tables.
3067| [CVE-2006-7197] The AJP connector in Apache Tomcat 5.5.15 uses an incorrect length for chunks, which can cause a buffer over-read in the ajp_process_callback in mod_jk, which allows remote attackers to read portions of sensitive memory.
3068| [CVE-2006-7196] Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. NOTE: this may be related to CVE-2006-0254.1.
3069| [CVE-2006-7195] Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values.
3070| [CVE-2006-7098] The Debian GNU/Linux 033_-F_NO_SETSID patch for the Apache HTTP Server 1.3.34-4 does not properly disassociate httpd from a controlling tty when httpd is started interactively, which allows local users to gain privileges to that tty via a CGI program that calls the TIOCSTI ioctl.
3071| [CVE-2006-6869] Directory traversal vulnerability in includes/search/search_mdforum.php in MAXdev MDForum 2.0.1 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang cookie to error.php, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
3072| [CVE-2006-6675] Cross-site scripting (XSS) vulnerability in Novell NetWare 6.5 Support Pack 5 and 6 and Novell Apache on NetWare 2.0.48 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in Welcome web-app.
3073| [CVE-2006-6613] Directory traversal vulnerability in language.php in phpAlbum 0.4.1 Beta 6 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files or obtain sensitive information via a .. (dot dot) in the pa_lang[include_file] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
3074| [CVE-2006-6589] Cross-site scripting (XSS) vulnerability in ecommerce/control/keywordsearch in the Apache Open For Business Project (OFBiz) and Opentaps 0.9.3 allows remote attackers to inject arbitrary web script or HTML via the SEARCH_STRING parameter, a different issue than CVE-2006-6587. NOTE: some of these details are obtained from third party information.
3075| [CVE-2006-6588] The forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) trusts the (1) dataResourceTypeId, (2) contentTypeId, and certain other hidden form fields, which allows remote attackers to create unauthorized types of content, modify content, or have other unknown impact.
3076| [CVE-2006-6587] Cross-site scripting (XSS) vulnerability in the forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) allows remote attackers to inject arbitrary web script or HTML by posting a message.
3077| [CVE-2006-6445] Directory traversal vulnerability in error.php in Envolution 1.1.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
3078| [CVE-2006-6071] TWiki 4.0.5 and earlier, when running under Apache 1.3 using ApacheLogin with sessions and "ErrorDocument 401" redirects to a valid wiki topic, does not properly handle failed login attempts, which allows remote attackers to read arbitrary content by cancelling out of a failed authentication with a valid username and invalid password.
3079| [CVE-2006-6047] Directory traversal vulnerability in manager/index.php in Etomite 0.6.1.2 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the f parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
3080| [CVE-2006-5894] Directory traversal vulnerability in lang.php in Rama CMS 0.68 and earlier, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by lang.php.
3081| [CVE-2006-5752] Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified.
3082| [CVE-2006-5733] Directory traversal vulnerability in error.php in PostNuke 0.763 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
3083| [CVE-2006-5263] Directory traversal vulnerability in templates/header.php3 in phpMyAgenda 3.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter, as demonstrated by a parameter value naming an Apache HTTP Server log file that apparently contains PHP code.
3084| [CVE-2006-4994] Multiple unquoted Windows search path vulnerabilities in Apache Friends XAMPP 1.5.2 might allow local users to gain privileges via a malicious program file in %SYSTEMDRIVE%, which is run when XAMPP attempts to execute (1) FileZillaServer.exe, (2) mysqld-nt.exe, (3) Perl.exe, or (4) xamppcontrol.exe with an unquoted "Program Files" pathname.
3085| [CVE-2006-4636] Directory traversal vulnerability in SZEWO PhpCommander 3.0 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Directory parameter, as demonstrated by parameter values naming Apache HTTP Server log files that apparently contain PHP code.
3086| [CVE-2006-4625] PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini (Master Value) defaults.
3087| [CVE-2006-4558] DeluxeBB 1.06 and earlier, when run on the Apache HTTP Server with the mod_mime module, allows remote attackers to execute arbitrary PHP code by uploading files with double extensions via the fileupload parameter in a newthread action in newpost.php.
3088| [CVE-2006-4191] Directory traversal vulnerability in memcp.php in XMB (Extreme Message Board) 1.9.6 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the langfilenew parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by header.php.
3089| [CVE-2006-4154] Format string vulnerability in the mod_tcl module 1.0 for Apache 2.x allows context-dependent attackers to execute arbitrary code via format string specifiers that are not properly handled in a set_var function call in (1) tcl_cmds.c and (2) tcl_core.c.
3090| [CVE-2006-4110] Apache 2.2.2, when running on Windows, allows remote attackers to read source code of CGI programs via a request that contains uppercase (or alternate case) characters that bypass the case-sensitive ScriptAlias directive, but allow access to the file on case-insensitive file systems.
3091| [CVE-2006-4004] Directory traversal vulnerability in index.php in vbPortal 3.0.2 through 3.6.0 Beta 1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the bbvbplang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
3092| [CVE-2006-3918] http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.
3093| [CVE-2006-3835] Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (
3094| [CVE-2006-3747] Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules.
3095| [CVE-2006-3362] Unrestricted file upload vulnerability in connectors/php/connector.php in FCKeditor mcpuk file manager, as used in (1) Geeklog 1.4.0 through 1.4.0sr3, (2) toendaCMS 1.0.0 Shizouka Stable and earlier, (3) WeBid 0.5.4, and possibly other products, when installed on Apache with mod_mime, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension and a trailing extension that is allowed, such as .zip.
3096| [CVE-2006-3102] Race condition in articles/BitArticle.php in Bitweaver 1.3, when run on Apache with the mod_mime extension, allows remote attackers to execute arbitrary PHP code by uploading arbitrary files with double extensions, which are stored for a small period of time under the webroot in the temp/articles directory.
3097| [CVE-2006-3070] write_ok.php in Zeroboard 4.1 pl8, when installed on Apache with mod_mime, allows remote attackers to bypass restrictions for uploading files with executable extensions by uploading a .htaccess file with an AddType directive that assigns an executable module to files with assumed-safe extensions, as demonstrated by assigning the txt extension to be handled by application/x-httpd-php.
3098| [CVE-2006-2831] Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under certain Apache configurations such as when FileInfo overrides are disabled within .htaccess, allows remote attackers to execute arbitrary code by uploading a file with multiple extensions, a variant of CVE-2006-2743.
3099| [CVE-2006-2806] The SMTP server in Apache Java Mail Enterprise Server (aka Apache James) 2.2.0 allows remote attackers to cause a denial of service (CPU consumption) via a long argument to the MAIL command.
3100| [CVE-2006-2743] Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with mod_mime, does not properly handle files with multiple extensions, which allows remote attackers to upload, modify, or execute arbitrary files in the files directory.
3101| [CVE-2006-2514] Coppermine galleries before 1.4.6, when running on Apache with mod_mime installed, allows remote attackers to upload arbitrary files via a filename with multiple file extensions.
3102| [CVE-2006-2330] PHP-Fusion 6.00.306 and earlier, running under Apache HTTP Server 1.3.27 and PHP 4.3.3, allows remote authenticated users to upload files of arbitrary types using a filename that contains two or more extensions that ends in an assumed-valid extension such as .gif, which bypasses the validation, as demonstrated by uploading then executing an avatar file that ends in ".php.gif" and contains PHP code in EXIF metadata.
3103| [CVE-2006-1777] Directory traversal vulnerability in doc/index.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the s parameter, as demonstrated by injecting PHP sequences into an Apache error_log file, which is then included by doc/index.php.
3104| [CVE-2006-1564] Untrusted search path vulnerability in libapache2-svn 1.3.0-4 for Subversion in Debian GNU/Linux includes RPATH values under the /tmp/svn directory for the (1) mod_authz_svn.so and (2) mod_dav_svn.so modules, which might allow local users to gain privileges by installing malicious libraries in that directory.
3105| [CVE-2006-1548] Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is not filtered in the resulting error message.
3106| [CVE-2006-1547] ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to elements in the CommonsMultipartRequestHandler implementation and BeanUtils.
3107| [CVE-2006-1546] Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to bypass validation via a request with a 'org.apache.struts.taglib.html.Constants.CANCEL' parameter, which causes the action to be canceled but would not be detected from applications that do not use the isCancelled check.
3108| [CVE-2006-1393] Multiple cross-site scripting (XSS) vulnerabilities in the mod_pubcookie Apache application server module in University of Washington Pubcookie 1.x, 3.0.0, 3.1.0, 3.1.1, 3.2 before 3.2.1b, and 3.3 before 3.3.0a allow remote attackers to inject arbitrary web script or HTML via unspecified attack vectors.
3109| [CVE-2006-1346] Directory traversal vulnerability in inc/setLang.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in a lang[*][file] parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by index.php.
3110| [CVE-2006-1292] Directory traversal vulnerability in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the phpicalendar[cookie_language] and phpicalendar[cookie_style] cookies, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by day.php.
3111| [CVE-2006-1243] Directory traversal vulnerability in install05.php in Simple PHP Blog (SPB) 0.4.7.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the blog_language parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included using install05.php.
3112| [CVE-2006-1095] Directory traversal vulnerability in the FileSession object in Mod_python module 3.2.7 for Apache allows local users to execute arbitrary code via a crafted session cookie.
3113| [CVE-2006-1079] htpasswd, as used in Acme thttpd 2.25b and possibly other products such as Apache, might allow local users to gain privileges via shell metacharacters in a command line argument, which is used in a call to the system function. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
3114| [CVE-2006-1078] Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, and possibly other products such as Apache, might allow local users to gain privileges via (1) a long command line argument and (2) a long line in a file. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
3115| [CVE-2006-0743] Format string vulnerability in LocalSyslogAppender in Apache log4net 1.2.9 might allow remote attackers to cause a denial of service (memory corruption and termination) via unknown vectors.
3116| [CVE-2006-0254] Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer.
3117| [CVE-2006-0150] Multiple format string vulnerabilities in the auth_ldap_log_reason function in Apache auth_ldap 1.6.0 and earlier allows remote attackers to execute arbitrary code via various vectors, including the username.
3118| [CVE-2006-0144] The proxy server feature in go-pear.php in PHP PEAR 0.2.2, as used in Apache2Triad, allows remote attackers to execute arbitrary PHP code by redirecting go-pear.php to a malicious proxy server that provides a modified version of Tar.php with a malicious extractModify function.
3119| [CVE-2006-0042] Unspecified vulnerability in (1) apreq_parse_headers and (2) apreq_parse_urlencoded functions in Apache2::Request (Libapreq2) before 2.07 allows remote attackers cause a denial of service (CPU consumption) via unknown attack vectors that result in quadratic computational complexity.
| [CVE-2005-4857] eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051128 allows remote authenticated users to cause a denial of service (Apache httpd segmentation fault) via a request to content/advancedsearch.php with an empty SearchContentClassID parameter, reportedly related to a "memory addressing error".
| [CVE-2005-4849] Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC command and (b) the output of the DatabaseMetaData.getURL function, which allows context-dependent attackers to obtain sensitive information.
| [CVE-2005-4836] The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information.
| [CVE-2005-4814] Unrestricted file upload vulnerability in Segue CMS before 1.3.6, when the Apache HTTP Server handles .phtml files with the PHP interpreter, allows remote attackers to upload and execute arbitrary PHP code by placing .phtml files in the userfiles/ directory.
| [CVE-2005-4703] Apache Tomcat 4.0.3, when running on Windows, allows remote attackers to obtain sensitive information via a request for a file that contains an MS-DOS device name such as lpt9, which leaks the pathname in an error message, as demonstrated by lpt9.xtp using Nikto.
| [CVE-2005-3745] Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message.
| [CVE-2005-3630] Fedora Directory Server before 10 allows remote attackers to obtain sensitive information, such as the password from adm.conf via an IFRAME element, probably involving an Apache httpd.conf configuration that orders "allow" directives before "deny" directives.
| [CVE-2005-3510] Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files.
| [CVE-2005-3392] Unspecified vulnerability in PHP before 4.4.1, when using the virtual function on Apache 2, allows remote attackers to bypass safe_mode and open_basedir directives.
| [CVE-2005-3357] mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference.
| [CVE-2005-3352] Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps.
| [CVE-2005-3319] The apache2handler SAPI (sapi_apache2.c) in the Apache module (mod_php) for PHP 5.x before 5.1.0 final and 4.4 before 4.4.1 final allows attackers to cause a denial of service (segmentation fault) via the session.save_path option in a .htaccess file or VirtualHost.
| [CVE-2005-3164] The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when "unsuitable request body data" is used for a different request, possibly related to Java Servlet pages.
| [CVE-2005-2970] Memory leak in the worker MPM (worker.c) for Apache 2, in certain circumstances, allows remote attackers to cause a denial of service (memory consumption) via aborted connections, which prevents the memory for the transaction pool from being reused for other connections.
| [CVE-2005-2963] The mod_auth_shadow module 1.0 through 1.5 and 2.0 for Apache with AuthShadow enabled uses shadow authentication for all locations that use the require group directive, even when other authentication mechanisms are specified, which might allow remote authenticated users to bypass security restrictions.
| [CVE-2005-2728] The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field.
| [CVE-2005-2660] apachetop 0.12.5 and earlier, when running in debug mode, allows local users to create or append to arbitrary files via a symlink attack on atop.debug.
| [CVE-2005-2088] The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
| [CVE-2005-1754] ** DISPUTED ** JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to read arbitrary files via a full pathname in the argument to the Download parameter. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
| [CVE-2005-1753] ** DISPUTED ** ReadMessage.jsp in JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to view other users' e-mail attachments via a direct request to /mailboxesdir/username@domainname. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
| [CVE-2005-1344] Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
| [CVE-2005-1268] Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte.
| [CVE-2005-1266] Apache SpamAssassin 3.0.1, 3.0.2, and 3.0.3 allows remote attackers to cause a denial of service (CPU consumption and slowdown) via a message with a long Content-Type header without any boundaries.
| [CVE-2005-0808] Apache Tomcat before 5.x allows remote attackers to cause a denial of service (application crash) via a crafted AJP12 packet to TCP port 8007.
| [CVE-2005-0182] The mod_dosevasive module 1.9 and earlier for Apache creates temporary files with predictable filenames, which could allow remote attackers to overwrite arbitrary files via a symlink attack.
| [CVE-2005-0108] Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote malicious RADIUS servers to cause a denial of service (crash) via a RADIUS_REPLY_MESSAGE with a RADIUS attribute length of 1, which leads to a memcpy operation with a -1 length argument.
| [CVE-2004-2734] webadmin-apache.conf in Novell Web Manager of Novell NetWare 6.5 uses an uppercase Alias tag with an inconsistent lowercase directory tag for a volume, which allows remote attackers to bypass access control to the WEB-INF folder.
| [CVE-2004-2680] mod_python (libapache2-mod-python) 3.1.4 and earlier does not properly handle when output filters process more than 16384 bytes, which can cause filter.read to return portions of previously freed memory.
| [CVE-2004-2650] Spooler in Apache Foundation James 2.2.0 allows local users to cause a denial of service (memory consumption) by triggering various error conditions in the retrieve function, which prevents a lock from being released and causes a memory leak.
| [CVE-2004-2343] ** DISPUTED ** Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess file restrictions, as specified in httpd.conf with directives such as Deny From All, by using an ErrorDocument directive. NOTE: the vendor has disputed this issue, since the .htaccess mechanism is only intended to restrict external web access, and a local user already has the privileges to perform the same operations without using ErrorDocument.
| [CVE-2004-2336] Unknown vulnerability in Novell GroupWise and GroupWise WebAccess 6.0 through 6.5, when running with Apache Web Server 1.3 for NetWare where Apache is loaded using GWAPACHE.CONF, allows remote attackers to read directories and files on the server.
| [CVE-2004-2115] Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTTP Server 1.3.22, based on Apache, allow remote attackers to execute arbitrary script as other users via the (1) action, (2) username, or (3) password parameters in an isqlplus request.
| [CVE-2004-1834] mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, including authentication information, on the hard disk, which could allow local users to gain sensitive information.
| [CVE-2004-1765] Off-by-one buffer overflow in ModSecurity (mod_security) 1.7.4 for Apache 2.x, when SecFilterScanPost is enabled, allows remote attackers to execute arbitrary code via crafted POST requests.
| [CVE-2004-1545] UploadFile.php in MoniWiki 1.0.9.2 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.hwp, which allows remote attackers to upload and execute arbitrary code.
| [CVE-2004-1438] The mod_authz_svn Apache module for Subversion 1.0.4-r1 and earlier allows remote authenticated users, with write access to the repository, to read unauthorized parts of the repository via the svn copy command.
| [CVE-2004-1405] MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
| [CVE-2004-1404] Attachment Mod 2.3.10 module for phpBB, when used with Apache mod_mime, does not properly handle files with multiple file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
| [CVE-2004-1387] The check_forensic script in apache-utils package 1.3.31 allows local users to overwrite or create arbitrary files via a symlink attack on temporary files.
| [CVE-2004-1084] Apache for Apple Mac OS X 10.2.8 and 10.3.6 allows remote attackers to read files and resource fork content via HTTP requests to certain special file names related to multiple data streams in HFS+, which bypass Apache file handles.
| [CVE-2004-1083] Apache for Apple Mac OS X 10.2.8 and 10.3.6 restricts access to files in a case sensitive manner, but the Apple HFS+ filesystem accesses files in a case insensitive manner, which allows remote attackers to read .DS_Store files and files beginning with ".ht" using alternate capitalization.
| [CVE-2004-1082] mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.
| [CVE-2004-0942] Apache webserver 2.0.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request with a MIME header containing multiple lines with a large number of space characters.
| [CVE-2004-0940] Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error.
| [CVE-2004-0885] The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration.
| [CVE-2004-0811] Unknown vulnerability in Apache 2.0.51 prevents "the merging of the Satisfy directive," which could allow attackers to obtain access to restricted resources contrary to the specified authentication configuration.
| [CVE-2004-0809] The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.
| [CVE-2004-0786] The IPv6 URI parsing routines in the apr-util library for Apache 2.0.50 and earlier allow remote attackers to cause a denial of service (child process crash) via a certain URI, as demonstrated using the Codenomicon HTTP Test Tool.
| [CVE-2004-0751] The char_buffer_read function in the mod_ssl module for Apache 2.x, when using reverse proxying to an SSL server, allows remote attackers to cause a denial of service (segmentation fault).
| [CVE-2004-0748] mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (CPU consumption) by aborting an SSL connection in a way that causes an Apache child process to enter an infinite loop.
| [CVE-2004-0747] Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the overflow during expansion of environment variables.
| [CVE-2004-0700] Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by the ssl_log function.
| [CVE-2004-0646] Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 web server connectors, such as (1) mod_jrun and (2) mod_jrun20 for Apache, with verbose logging enabled, allows remote attackers to execute arbitrary code via a long HTTP header Content-Type field or other fields.
| [CVE-2004-0529] The modified suexec program in cPanel, when configured for mod_php and compiled for Apache 1.3.31 and earlier without mod_phpsuexec, allows local users to execute untrusted shared scripts and gain privileges, as demonstrated using untainted scripts such as (1) proftpdvhosts or (2) addalink.cgi, a different vulnerability than CVE-2004-0490.
| [CVE-2004-0493] The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters.
| [CVE-2004-0492] Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied.
| [CVE-2004-0490] cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec option, does not set the --enable-discard-path option, which causes php to use the SCRIPT_FILENAME variable to find and execute a script instead of the PATH_TRANSLATED variable, which allows local users to execute arbitrary PHP code as other users via a URL that references the attacker's script after the user's script, which executes the attacker's script with the user's privileges, a different vulnerability than CVE-2004-0529.
| [CVE-2004-0488] Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN.
| [CVE-2004-0263] PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global variables between virtual hosts that are handled by the same Apache child process but have different settings, which could allow remote attackers to obtain sensitive information.
| [CVE-2004-0174] Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to cause a denial of service (blocked new connections) via a "short-lived connection on a rarely-accessed listening socket."
| [CVE-2004-0173] Directory traversal vulnerability in Apache 1.3.29 and earlier, and Apache 2.0.48 and earlier, when running on Cygwin, allows remote attackers to read arbitrary files via a URL containing "..%5C" (dot dot encoded backslash) sequences.
| [CVE-2004-0113] Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server.
| [CVE-2004-0009] Apache-SSL 1.3.28+1.52 and earlier, with SSLVerifyClient set to 1 or 3 and SSLFakeBasicAuth enabled, allows remote attackers to forge a client certificate by using basic authentication with the "one-line DN" of the target user.
| [CVE-2003-1581] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
| [CVE-2003-1580] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
| [CVE-2003-1573] The PointBase 4.6 database component in the J2EE 1.4 reference implementation (J2EE/RI) allows remote attackers to execute arbitrary programs, conduct a denial of service, and obtain sensitive information via a crafted SQL statement, related to "inadequate security settings and library bugs in sun.* and org.apache.* packages."
| [CVE-2003-1521] Sun Java Plug-In 1.4 through 1.4.2_02 allows remote attackers to repeatedly access the floppy drive via the createXmlDocument method in the org.apache.crimson.tree.XmlDocument class, which violates the Java security model.
| [CVE-2003-1516] The org.apache.xalan.processor.XSLProcessorVersion class in Java Plug-in 1.4.2_01 allows signed and unsigned applets to share variables, which violates the Java security model and could allow remote attackers to read or write data belonging to a signed applet.
| [CVE-2003-1502] mod_throttle 3.0 allows local users with Apache privileges to access shared memory that points to a file that is writable by the apache user, which could allow local users to gain privileges.
| [CVE-2003-1418] Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via (1) the ETag header, which reveals the inode number, or (2) multipart MIME boundary, which reveals child proccess IDs (PID).
| [CVE-2003-1307] ** DISPUTED ** The mod_php module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then intercepting incoming connections on the server's TCP port. NOTE: the PHP developer has disputed this vulnerability, saying "The opened file descriptors are opened by Apache. It is the job of Apache to protect them ... Not a bug in PHP."
| [CVE-2003-1172] Directory traversal vulnerability in the view-source sample file in Apache Software Foundation Cocoon 2.1 and 2.2 allows remote attackers to access arbitrary files via a .. (dot dot) in the filename parameter.
| [CVE-2003-1171] Heap-based buffer overflow in the sec_filter_out function in mod_security 1.7RC1 through 1.7.1 in Apache 2 allows remote attackers to execute arbitrary code via a server side script that sends a large amount of data.
| [CVE-2003-1138] The default configuration of Apache 2.0.40, as shipped with Red Hat Linux 9.0, allows remote attackers to list directory contents, even if auto indexing is turned off and there is a default web page configured, via a GET request containing a double slash (//).
| [CVE-2003-1054] mod_access_referer 1.0.2 allows remote attackers to cause a denial of service (crash) via a malformed Referer header that is missing a hostname, as parsed by the ap_parse_uri_components function in Apache, which triggers a null dereference.
| [CVE-2003-0993] mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit platforms, does not properly parse Allow/Deny rules using IP addresses without a netmask, which could allow remote attackers to bypass intended access restrictions.
| [CVE-2003-0987] mod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using a AuthNonce secret.
| [CVE-2003-0866] The Catalina org.apache.catalina.connector.http package in Tomcat 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service via several requests that do not follow the HTTP protocol, which causes Tomcat to reject later requests.
| [CVE-2003-0844] mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode without the Apache log, allows local users to overwrite arbitrary files via (1) a symlink attack on predictable temporary filenames on Unix systems, or (2) an NTFS hard link on Windows systems when the "Strengthen default permissions of internal system objects" policy is not enabled.
| [CVE-2003-0843] Format string vulnerability in mod_gzip_printf for mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode and using the Apache log, allows remote attackers to execute arbitrary code via format string characters in an HTTP GET request with an "Accept-Encoding: gzip" header.
| [CVE-2003-0789] mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not properly handle CGI redirect paths, which could cause Apache to send the output of a CGI program to the wrong client.
| [CVE-2003-0771] Gallery.pm in Apache::Gallery (aka A::G) uses predictable temporary filenames when running Inline::C, which allows local users to execute arbitrary code by creating and modifying the files before Apache::Gallery does.
| [CVE-2003-0658] Docview before 1.1-18 in Caldera OpenLinux 3.1.1, SCO Linux 4.0, OpenServer 5.0.7, configures the Apache web server in a way that allows remote attackers to read arbitrary publicly readable files via a certain URL, possibly related to rewrite rules.
| [CVE-2003-0542] Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures.
| [CVE-2003-0460] The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 systems, does not properly ignore certain control characters that are received over the pipe, which could allow remote attackers to cause a denial of service.
| [CVE-2003-0254] Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers to cause a denial of service (CPU consumption by infinite loop) when the FTP proxy server fails to create an IPv6 socket.
| [CVE-2003-0253] The prefork MPM in Apache 2 before 2.0.47 does not properly handle certain errors from accept, which could lead to a denial of service.
| [CVE-2003-0249] ** DISPUTED ** PHP treats unknown methods such as "PoSt" as a GET request, which could allow attackers to intended access restrictions if PHP is running on a server that passes on all methods, such as Apache httpd 2.0, as demonstrated using a Limit directive. NOTE: this issue has been disputed by the Apache security team, saying "It is by design that PHP allows scripts to process any request method. A script which does not explicitly verify the request method will hence be processed as normal for arbitrary methods. It is therefore expected behaviour that one cannot implement per-method access control using the Apache configuration alone, which is the assumption made in this report."
| [CVE-2003-0245] Vulnerability in the apr_psprintf function in the Apache Portable Runtime (APR) library for Apache 2.0.37 through 2.0.45 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long strings, as demonstrated using XML objects to mod_dav, and possibly other vectors.
| [CVE-2003-0192] Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one," which could cause Apache to use the weak ciphersuite.
| [CVE-2003-0189] The authentication module for Apache 2.0.40 through 2.0.45 on Unix does not properly handle threads safely when using the crypt_r or crypt functions, which allows remote attackers to cause a denial of service (failed Basic authentication with valid usernames and passwords) when a threaded MPM is used.
| [CVE-2003-0134] Unknown vulnerability in filestat.c for Apache running on OS2, versions 2.0 through 2.0.45, allows unknown attackers to cause a denial of service via requests related to device names.
| [CVE-2003-0132] A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to cause a denial of service (memory consumption) via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed.
| [CVE-2003-0083] Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerability than CVE-2003-0020.
| [CVE-2003-0020] Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.
3215| [CVE-2003-0017] Apache 2.0 before 2.0.44 on Windows platforms allows remote attackers to obtain certain files via an HTTP request that ends in certain illegal characters such as ">", which causes a different filename to be processed and served.
3216| [CVE-2003-0016] Apache before 2.0.44, when running on unpatched Windows 9x and Me operating systems, allows remote attackers to cause a denial of service or execute arbitrary code via an HTTP request containing MS-DOS device names.
3217| [CVE-2002-2310] ClickCartPro 4.0 stores the admin_user.db data file under the web document root with insufficient access control on servers other than Apache, which allows remote attackers to obtain usernames and passwords.
3218| [CVE-2002-2309] php.exe in PHP 3.0 through 4.2.2, when running on Apache, does not terminate properly, which allows remote attackers to cause a denial of service via a direct request without arguments.
3219| [CVE-2002-2272] Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 through 1.3.27, allows remote attackers to cause a denial of service (desynchronized communications) via an HTTP GET request with a Transfer-Encoding chunked field with invalid values.
3220| [CVE-2002-2103] Apache before 1.3.24, when writing to the log file, records a spoofed hostname from the reverse lookup of an IP address, even when a double-reverse lookup fails, which allows remote attackers to hide the original source of activities.
3221| [CVE-2002-2029] PHP, when installed on Windows with Apache and ScriptAlias for /php/ set to c:/php/, allows remote attackers to read arbitrary files and possibly execute arbitrary programs via an HTTP request for php.exe with a filename in the query string.
3222| [CVE-2002-2012] Unknown vulnerability in Apache 1.3.19 running on HP Secure OS for Linux 1.0 allows remote attackers to cause "unexpected results" via an HTTP request.
3223| [CVE-2002-2009] Apache Tomcat 4.0.1 allows remote attackers to obtain the web root path via HTTP requests for JSP files preceded by (1) +/, (2) >/, (3) </, and (4) %20/, which leaks the pathname in an error message.
3224| [CVE-2002-2008] Apache Tomcat 4.0.3 for Windows allows remote attackers to obtain the web root path via an HTTP request for a resource that does not exist, such as lpt9, which leaks the information in an error message.
3225| [CVE-2002-2007] The default installations of Apache Tomcat 3.2.3 and 3.2.4 allows remote attackers to obtain sensitive system information such as directory listings and web root path, via erroneous HTTP requests for Java Server Pages (JSP) in the (1) test/jsp, (2) samples/jsp and (3) examples/jsp directories, or the (4) test/realPath.jsp servlet, which leaks pathnames in error messages.
3226| [CVE-2002-2006] The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets.
3227| [CVE-2002-1895] The servlet engine in Jakarta Apache Tomcat 3.3 and 4.0.4, when using IIS and the ajp1.3 connector, allows remote attackers to cause a denial of service (crash) via a large number of HTTP GET requests for an MS-DOS device such as AUX, LPT1, CON, or PRN.
3228| [CVE-2002-1850] mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attackers to cause a denial of service (hang and memory consumption) by causing a CGI script to send a large amount of data to stderr, which results in a read/write deadlock between httpd and the CGI script.
3229| [CVE-2002-1793] HTTP Server mod_ssl module running on HP-UX 11.04 with Virtualvault OS (VVOS) 4.5 through 4.6 closes the connection when the Apache server times out during an SSL request, which may allow attackers to cause a denial of service.
3230| [CVE-2002-1658] Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow attackers to execute arbitrary code via a long user argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
3231| [CVE-2002-1635] The Apache configuration file (httpd.conf) in Oracle 9i Application Server (9iAS) uses a Location alias for /perl directory instead of a ScriptAlias, which allows remote attackers to read the source code of arbitrary CGI files via a URL containing the /perl directory instead of /cgi-bin.
3232| [CVE-2002-1593] mod_dav in Apache before 2.0.42 does not properly handle versioning hooks, which may allow remote attackers to kill a child process via a null dereference and cause a denial of service (CPU consumption) in a preforked multi-processing module.
3233| [CVE-2002-1592] The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI application encounters an error, sends error messages to the client that include the full path for the server, which allows remote attackers to obtain sensitive information.
3234| [CVE-2002-1567] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows remote attackers to execute arbitrary web script and steal cookies via a URL with encoded newlines followed by a request to a .jsp file whose name contains the script.
3235| [CVE-2002-1394] Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148.
3236| [CVE-2002-1233] A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on temporary files when the administrator runs (1) htpasswd or (2) htdigest, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2001-0131.
3237| [CVE-2002-1157] Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a self-referencing URL, a different vulnerability than CAN-2002-0840.
3238| [CVE-2002-1156] Apache 2.0.42 allows remote attackers to view the source code of a CGI script via a POST request to a directory with both WebDAV and CGI enabled.
3239| [CVE-2002-1148] The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet.
3240| [CVE-2002-0935] Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta, allows remote attackers to cause a denial of service (resource exhaustion) via a large number of requests to the server with null characters, which causes the working threads to hang.
3241| [CVE-2002-0843] Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response.
3242| [CVE-2002-0840] Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.
3243| [CVE-2002-0839] The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allowed, by modifying the parent[].pid and parent[].last_rtime segments in the scoreboard.
3244| [CVE-2002-0682] Cross-site scripting vulnerability in Apache Tomcat 4.0.3 allows remote attackers to execute script as other web users via script in a URL with the /servlet/ mapping, which does not filter the script when an exception is thrown by the servlet.
3245| [CVE-2002-0661] Directory traversal vulnerability in Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to read arbitrary files and execute commands via .. (dot dot) sequences containing \ (backslash) characters.
3246| [CVE-2002-0658] OSSP mm library (libmm) before 1.2.0 allows the local Apache user to gain privileges via temporary files, possibly via a symbolic link attack.
3247| [CVE-2002-0654] Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to determine the full pathname of the server via (1) a request for a .var file, which leaks the pathname in the resulting error message, or (2) via an error message that occurs when a script (child process) cannot be invoked.
3248| [CVE-2002-0653] Off-by-one buffer overflow in the ssl_compat_directive function, as called by the rewrite_command hook for mod_ssl Apache module 2.8.9 and earlier, allows local users to execute arbitrary code as the Apache server user via .htaccess files with long entries.
3249| [CVE-2002-0513] The PHP administration script in popper_mod 1.2.1 and earlier relies on Apache .htaccess authentication, which allows remote attackers to gain privileges if the script is not appropriately configured by the administrator.
3250| [CVE-2002-0493] Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions.
3251| [CVE-2002-0392] Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size.
3252| [CVE-2002-0259] InstantServers MiniPortal 1.1.5 and earlier stores sensitive login and account data in plaintext in (1) .pwd files in the miniportal/apache directory, or (2) mplog.txt, which could allow local users to gain privileges.
3253| [CVE-2002-0249] PHP for Windows, when installed on Apache 2.0.28 beta as a standalone CGI module, allows remote attackers to obtain the physical path of the php.exe via a request with malformed arguments such as /123, which leaks the pathname in the error message.
3254| [CVE-2002-0240] PHP, when installed with Apache and configured to search for index.php as a default web page, allows remote attackers to obtain the full pathname of the server via the HTTP OPTIONS method, which reveals the pathname in the resulting error message.
3255| [CVE-2002-0082] The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session.
3256| [CVE-2002-0061] Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows remote attackers to execute arbitrary commands via shell metacharacters (a | pipe character) provided as arguments to batch (.bat) or .cmd scripts, which are sent unfiltered to the shell interpreter, typically cmd.exe.
3257| [CVE-2001-1556] The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep.
3258| [CVE-2001-1534] mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication.
3259| [CVE-2001-1510] Allaire JRun 2.3.3, 3.0 and 3.1 running on IIS 4.0 and 5.0, iPlanet, Apache, JRun web server (JWS), and possibly other web servers allows remote attackers to read arbitrary files and directories by appending (1) "%3f.jsp", (2) "?.jsp" or (3) "?" to the requested URL.
3260| [CVE-2001-1449] The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories.
3261| [CVE-2001-1385] The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts.
3262| [CVE-2001-1342] Apache before 1.3.20 on Windows and OS/2 systems allows remote attackers to cause a denial of service (GPF) via an HTTP request for a URI that contains a large number of / (slash) or other characters, which causes certain functions to dereference a null pointer.
3263| [CVE-2001-1217] Directory traversal vulnerability in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to access sensitive information via a double encoded URL with .. (dot dot) sequences.
3264| [CVE-2001-1216] Buffer overflow in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to execute arbitrary code via a long request for a help page.
3265| [CVE-2001-1072] Apache with mod_rewrite enabled on most UNIX systems allows remote attackers to bypass RewriteRules by inserting extra / (slash) characters into the requested path, which causes the regular expression in the RewriteRule to fail.
3266| [CVE-2001-1013] Apache on Red Hat Linux with the UserDir directive enabled generates different error codes when a username exists and there is no public_html directory and when the username does not exist, which could allow remote attackers to determine valid usernames on the server.
3267| [CVE-2001-0925] The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters, which causes the path to be mishandled by (1) mod_negotiation, (2) mod_dir, or (3) mod_autoindex.
3268| [CVE-2001-0829] A cross-site scripting vulnerability in Apache Tomcat 3.2.1 allows a malicious webmaster to embed Javascript in a request for a .JSP file, which causes the Javascript to be inserted into an error message.
3269| [CVE-2001-0766] Apache on MacOS X Client 10.0.3 with the HFS+ file system allows remote attackers to bypass access restrictions via a URL that contains some characters whose case is not matched by Apache's filters.
3270| [CVE-2001-0731] Apache 1.3.20 with Multiviews enabled allows remote attackers to view directory contents and bypass the index page via a URL containing the "M=D" query string.
3271| [CVE-2001-0730] split-logfile in Apache 1.3.20 allows remote attackers to overwrite arbitrary files that end in the .log extension via an HTTP request with a / (slash) in the Host: header.
3272| [CVE-2001-0729] Apache 1.3.20 on Windows servers allows remote attackers to bypass the default index page and list directory contents via a URL with a large number of / (slash) characters.
3273| [CVE-2001-0590] Apache Software Foundation Tomcat Servlet prior to 3.2.2 allows a remote attacker to read the source code to arbitrary 'jsp' files via a malformed URL request which does not end with an HTTP protocol specification (i.e. HTTP/1.0).
3274| [CVE-2001-0131] htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack.
3275| [CVE-2001-0108] PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested.
3276| [CVE-2001-0042] PHP 3.x (PHP3) on Apache 1.3.6 allows remote attackers to read arbitrary files via a modified .. (dot dot) attack containing "%5c" (encoded backslash) sequences.
3277| [CVE-2000-1247] The default configuration of the jserv-status handler in jserv.conf in Apache JServ 1.1.2 includes an "allow from 127.0.0.1" line, which allows local users to discover JDBC passwords or other sensitive information via a direct request to the jserv/ URI.
3278| [CVE-2000-1210] Directory traversal vulnerability in source.jsp of Apache Tomcat before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the argument to source.jsp.
3279| [CVE-2000-1206] Vulnerability in Apache httpd before 1.3.11, when configured for mass virtual hosting using mod_rewrite, or mod_vhost_alias in Apache 1.3.9, allows remote attackers to retrieve arbitrary files.
3280| [CVE-2000-1205] Cross site scripting vulnerabilities in Apache 1.3.0 through 1.3.11 allow remote attackers to execute script as other web site visitors via (1) the printenv CGI (printenv.pl), which does not encode its output, (2) pages generated by the ap_send_error_response function such as a default 404, which does not add an explicit charset, or (3) various messages that are generated by certain Apache modules or core code. NOTE: the printenv issue might still exist for web browsers that can render text/plain content types as HTML, such as Internet Explorer, but CVE regards this as a design limitation of those browsers, not Apache. The printenv.pl/acuparam vector, disclosed on 20070724, is one such variant.
3281| [CVE-2000-1204] Vulnerability in the mod_vhost_alias virtual hosting module for Apache 1.3.9, 1.3.11 and 1.3.12 allows remote attackers to obtain the source code for CGI programs if the cgi-bin directory is under the document root.
3282| [CVE-2000-1168] IBM HTTP Server 1.3.6 (based on Apache) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request.
3283| [CVE-2000-1016] The default configuration of Apache (httpd.conf) on SuSE 6.4 includes an alias for the /usr/doc directory, which allows remote attackers to read package documentation and obtain system configuration information via an HTTP request for the /doc/packages URL.
3284| [CVE-2000-0913] mod_rewrite in Apache 1.3.12 and earlier allows remote attackers to read arbitrary files if a RewriteRule directive is expanded to include a filename whose name contains a regular expression.
3285| [CVE-2000-0883] The default configuration of mod_perl for Apache as installed on Mandrake Linux 6.1 through 7.1 sets the /perl/ directory to be browseable, which allows remote attackers to list the contents of that directory.
3286| [CVE-2000-0869] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 enables WebDAV, which allows remote attackers to list arbitrary directories via the PROPFIND HTTP request method.
3287| [CVE-2000-0868] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows remote attackers to read source code for CGI scripts by replacing the /cgi-bin/ in the requested URL with /cgi-bin-sdb/.
3288| [CVE-2000-0791] Trustix installs the httpsd program for Apache-SSL with world-writeable permissions, which allows local users to replace it with a Trojan horse.
3289| [CVE-2000-0760] The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension.
3290| [CVE-2000-0759] Jakarta Tomcat 3.1 under Apache reveals physical path information when a remote attacker requests a URL that does not exist, which generates an error message that includes the physical path.
3291| [CVE-2000-0628] The source.asp example script in the Apache ASP module Apache::ASP 1.93 and earlier allows remote attackers to modify files.
3292| [CVE-2000-0505] The Apache 1.3.x HTTP server for Windows platforms allows remote attackers to list directory contents by requesting a URL containing a large number of / characters.
3293| [CVE-1999-1412] A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service (crash) via a flood of HTTP GET requests to CGI programs, which generates a large number of processes.
3294| [CVE-1999-1293] mod_proxy in Apache 1.2.5 and earlier allows remote attackers to cause a denial of service via malformed FTP commands, which causes Apache to dump core.
3295| [CVE-1999-1237] Multiple buffer overflows in smbvalid/smbval SMB authentication library, as used in Apache::AuthenSmb and possibly other modules, allows remote attackers to execute arbitrary commands via (1) a long username, (2) a long password, and (3) other unspecified methods.
3296| [CVE-1999-1199] Apache WWW server 1.3.1 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via a large number of MIME headers with the same name, aka the "sioux" vulnerability.
3297| [CVE-1999-1053] guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->".
3298| [CVE-1999-0926] Apache allows remote attackers to conduct a denial of service via a large number of MIME headers.
3299| [CVE-1999-0678] A default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server.
3300| [CVE-1999-0448] IIS 4.0 and Apache log HTTP request methods, regardless of how long they are, allowing a remote attacker to hide the URL they really request.
3301| [CVE-1999-0289] The Apache web server for Win32 may provide access to restricted files when a . (dot) is appended to a requested URL.
3302| [CVE-1999-0236] ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs.
3303| [CVE-1999-0107] Buffer overflow in Apache 1.2.5 and earlier allows a remote attacker to cause a denial of service with a large number of GET requests containing a large number of / characters.
3304| [CVE-1999-0071] Apache httpd cookie buffer overflow for versions 1.1.1 and earlier.
3305|
3306| SecurityFocus - https://www.securityfocus.com/bid/:
3307| [104554] Apache HBase CVE-2018-8025 Security Bypass Vulnerability
3308| [104465] Apache Geode CVE-2017-15695 Remote Code Execution Vulnerability
3309| [104418] Apache Storm CVE-2018-8008 Arbitrary File Write Vulnerability
3310| [104399] Apache Storm CVE-2018-1332 User Impersonation Vulnerability
3311| [104348] Apache UIMA CVE-2017-15691 XML External Entity Injection Vulnerability
3312| [104313] Apache NiFi XML External Entity Injection and Denial of Service Vulnerability
3313| [104259] Apache Geode CVE-2017-12622 Authorization Bypass Vulnerability
3314| [104257] Apache Sling XSS Protection API CVE-2017-15717 Cross Site Scripting Vulnerability
3315| [104253] Apache ZooKeeper CVE-2018-8012 Security Bypass Vulnerability
3316| [104252] Apache Batik CVE-2018-8013 Information Disclosure Vulnerability
3317| [104239] Apache Solr CVE-2018-8010 XML External Entity Multiple Information Disclosure Vulnerabilities
3318| [104215] Apache ORC CVE-2018-8015 Denial of Service Vulnerability
3319| [104203] Apache Tomcat CVE-2018-8014 Security Bypass Vulnerability
3320| [104161] Apache Ambari CVE-2018-8003 Directory Traversal Vulnerability
3321| [104140] Apache Derby CVE-2018-1313 Security Bypass Vulnerability
3322| [104135] Apache Tika CVE-2018-1338 Denial of Service Vulnerability
3323| [104008] Apache Fineract CVE-2018-1291 SQL Injection Vulnerability
3324| [104007] Apache Fineract CVE-2018-1292 SQL Injection Vulnerability
3325| [104005] Apache Fineract CVE-2018-1289 SQL Injection Vulnerability
3326| [104001] Apache Tika CVE-2018-1335 Remote Command Injection Vulnerability
3327| [103975] Apache Fineract CVE-2018-1290 SQL Injection Vulnerability
3328| [103974] Apache Solr CVE-2018-1308 XML External Entity Injection Vulnerability
3329| [103772] Apache Traffic Server CVE-2017-7671 Denial of Service Vulnerability
3330| [103770] Apache Traffic Server CVE-2017-5660 Security Bypass Vulnerability
3331| [103751] Apache Hive CVE-2018-1282 SQL Injection Vulnerability
3332| [103750] Apache Hive CVE-2018-1284 Security Bypass Vulnerability
3333| [103692] Apache Ignite CVE-2018-1295 Arbitrary Code Execution Vulnerability
3334| [103528] Apache HTTP Server CVE-2018-1302 Denial of Service Vulnerability
3335| [103525] Apache HTTP Server CVE-2017-15715 Remote Security Bypass Vulnerability
3336| [103524] Apache HTTP Server CVE-2018-1312 Remote Security Bypass Vulnerability
3337| [103522] Apache HTTP Server CVE-2018-1303 Denial of Service Vulnerability
3338| [103520] Apache HTTP Server CVE-2018-1283 Remote Security Vulnerability
3339| [103516] Apache Struts CVE-2018-1327 Denial of Service Vulnerability
3340| [103515] Apache HTTP Server CVE-2018-1301 Denial of Service Vulnerability
3341| [103512] Apache HTTP Server CVE-2017-15710 Denial of Service Vulnerability
3342| [103508] Apache Syncope CVE-2018-1321 Multiple Remote Code Execution Vulnerabilities
3343| [103507] Apache Syncope CVE-2018-1322 Multiple Information Disclosure Vulnerabilities
3344| [103490] Apache Commons Compress CVE-2018-1324 Multiple Denial Of Service Vulnerabilities
3345| [103434] APACHE Allura CVE-2018-1319 HTTP Response Splitting Vulnerability
3346| [103389] Apache Tomcat JK Connector CVE-2018-1323 Directory Traversal Vulnerability
3347| [103222] Apache CloudStack CVE-2013-4317 Information Disclosure Vulnerability
3348| [103219] Apache Xerces-C CVE-2017-12627 Null Pointer Dereference Denial of Service Vulnerability
3349| [103206] Apache Geode CVE-2017-15693 Remote Code Execution Vulnerability
3350| [103205] Apache Geode CVE-2017-15692 Remote Code Execution Vulnerability
3351| [103170] Apache Tomcat CVE-2018-1304 Security Bypass Vulnerability
3352| [103144] Apache Tomcat CVE-2018-1305 Security Bypass Vulnerability
3353| [103102] Apache Oozie CVE-2017-15712 Information Disclosure Vulnerability
3354| [103098] Apache Karaf CVE-2016-8750 LDAP Injection Vulnerability
3355| [103069] Apache Tomcat CVE-2017-15706 Remote Security Weakness
3356| [103068] Apache JMeter CVE-2018-1287 Security Bypass Vulnerability
3357| [103067] Apache Qpid Dispatch Router 'router_core/connections.c' Denial of Service Vulnerability
3358| [103036] Apache CouchDB CVE-2017-12636 Remote Code Execution Vulnerability
3359| [103025] Apache Thrift CVE-2016-5397 Remote Command Injection Vulnerability
3360| [102879] Apache POI CVE-2017-12626 Multiple Denial of Service Vulnerabilities
3361| [102842] Apache NiFi CVE-2017-12632 Host Header Injection Vulnerability
3362| [102815] Apache NiFi CVE-2017-15697 Multiple Cross Site Scripting Vulnerabilities
3363| [102488] Apache Geode CVE-2017-9795 Remote Code Execution Vulnerability
3364| [102229] Apache Sling CVE-2017-15700 Information Disclosure Vulnerability
3365| [102226] Apache Drill CVE-2017-12630 Cross Site Scripting Vulnerability
3366| [102154] Multiple Apache Products CVE-2017-15708 Remote Code Execution Vulnerability
3367| [102127] Apache CXF Fediz CVE-2017-12631 Multiple Cross Site Request Forgery Vulnerabilities
3368| [102041] Apache Qpid Broker-J CVE-2017-15701 Denial of Service Vulnerability
3369| [102040] Apache Qpid Broker CVE-2017-15702 Security Weakness
3370| [102021] Apache Struts CVE-2017-15707 Denial of Service Vulnerability
3371| [101980] EMC RSA Authentication Agent for Web: Apache Web Server Authentication Bypass Vulnerability
3372| [101876] Apache Camel CVE-2017-12634 Deserialization Remote Code Execution Vulnerability
3373| [101874] Apache Camel CVE-2017-12633 Deserialization Remote Code Execution Vulnerability
3374| [101872] Apache Karaf CVE-2014-0219 Local Denial of Service Vulnerability
3375| [101868] Apache CouchDB CVE-2017-12635 Remote Privilege Escalation Vulnerability
3376| [101859] Apache CXF CVE-2017-12624 Denial of Service Vulnerability
3377| [101844] Apache Sling Servlets Post CVE-2017-11296 Cross Site Scripting Vulnerability
3378| [101686] Apache Hive CVE-2017-12625 Information Disclosure Vulnerability
3379| [101644] Apache Wicket CVE-2012-5636 Cross Site Scripting Vulnerability
3380| [101631] Apache Traffic Server CVE-2015-3249 Multiple Remote Code Execution Vulnerabilities
3381| [101630] Apache Traffic Server CVE-2014-3624 Access Bypass Vulnerability
3382| [101625] Apache jUDDI CVE-2009-1197 Security Bypass Vulnerability
3383| [101623] Apache jUDDI CVE-2009-1198 Cross Site Scripting Vulnerability
3384| [101620] Apache Subversion 'libsvn_fs_fs/fs_fs.c' Denial of Service Vulnerability
3385| [101585] Apache OpenOffice Multiple Remote Code Execution Vulnerabilities
3386| [101577] Apache Wicket CVE-2016-6806 Cross Site Request Forgery Vulnerability
3387| [101575] Apache Wicket CVE-2014-0043 Information Disclosure Vulnerability
3388| [101570] Apache Geode CVE-2017-9797 Information Disclosure Vulnerability
3389| [101562] Apache Derby CVE-2010-2232 Arbitrary File Overwrite Vulnerability
3390| [101560] Apache Portable Runtime Utility CVE-2017-12613 Multiple Information Disclosure Vulnerabilities
3391| [101558] Apache Portable Runtime Utility Local Out-of-Bounds Read Denial of Service Vulnerability
3392| [101532] Apache James CVE-2017-12628 Arbitrary Command Execution Vulnerability
3393| [101516] Apache HTTP Server CVE-2017-12171 Security Bypass Vulnerability
3394| [101261] Apache Solr/Lucene CVE-2017-12629 Information Disclosure and Remote Code Execution Vulnerabilities
3395| [101230] Apache Roller CVE-2014-0030 XML External Entity Injection Vulnerability
3396| [101173] Apache IMPALA CVE-2017-9792 Information Disclosure Vulnerability
3397| [101052] Apache Commons Jelly CVE-2017-12621 Security Bypass Vulnerability
3398| [101027] Apache Mesos CVE-2017-7687 Denial of Service Vulnerability
3399| [101023] Apache Mesos CVE-2017-9790 Denial of Service Vulnerability
3400| [100954] Apache Tomcat CVE-2017-12617 Incomplete Fix Remote Code Execution Vulnerability
3401| [100946] Apache Wicket CVE-2014-7808 Cross Site Request Forgery Vulnerability
3402| [100901] Apache Tomcat CVE-2017-12615 Remote Code Execution Vulnerability
3403| [100897] Apache Tomcat CVE-2017-12616 Information Disclosure Vulnerability
3404| [100880] Apache Directory LDAP API CVE-2015-3250 Unspecified Information Disclosure Vulnerability
3405| [100872] Apache HTTP Server CVE-2017-9798 Information Disclosure Vulnerability
3406| [100870] Apache Solr CVE-2017-9803 Remote Privilege Escalation Vulnerability
3407| [100859] puppetlabs-apache CVE-2017-2299 Information Disclosure Vulnerability
3408| [100829] Apache Struts CVE-2017-12611 Remote Code Execution Vulnerability
3409| [100823] Apache Spark CVE-2017-12612 Deserialization Remote Code Execution Vulnerability
3410| [100612] Apache Struts CVE-2017-9804 Incomplete Fix Denial of Service Vulnerability
3411| [100611] Apache Struts CVE-2017-9793 Denial of Service Vulnerability
3412| [100609] Apache Struts CVE-2017-9805 Remote Code Execution Vulnerability
3413| [100587] Apache Atlas CVE-2017-3155 Cross Frame Scripting Vulnerability
3414| [100581] Apache Atlas CVE-2017-3154 Information Disclosure Vulnerability
3415| [100578] Apache Atlas CVE-2017-3153 Cross Site Scripting Vulnerability
3416| [100577] Apache Atlas CVE-2017-3152 Cross Site Scripting Vulnerability
3417| [100547] Apache Atlas CVE-2017-3151 HTML Injection Vulnerability
3418| [100536] Apache Atlas CVE-2017-3150 Cross Site Scripting Vulnerability
3419| [100449] Apache Pony Mail CVE-2016-4460 Authentication Bypass Vulnerability
3420| [100447] Apache2Triad Multiple Security Vulnerabilities
3421| [100284] Apache Sling Servlets Post CVE-2017-9802 Cross Site Scripting Vulnerability
3422| [100280] Apache Tomcat CVE-2017-7674 Security Bypass Vulnerability
3423| [100259] Apache Subversion CVE-2017-9800 Remote Command Execution Vulnerability
3424| [100256] Apache Tomcat CVE-2017-7675 Directory Traversal Vulnerability
3425| [100235] Apache Storm CVE-2017-9799 Remote Code Execution Vulnerability
3426| [100082] Apache Commons Email CVE-2017-9801 SMTP Header Injection Vulnerability
3427| [99873] Apache Sling XSS Protection API CVE-2016-6798 XML External Entity Injection Vulnerability
3428| [99870] Apache Sling API CVE-2016-5394 Cross Site Scripting Vulnerability
3429| [99603] Apache Spark CVE-2017-7678 Cross Site Scripting Vulnerability
3430| [99592] Apache OpenMeetings CVE-2017-7685 Security Bypass Vulnerability
3431| [99587] Apache OpenMeetings CVE-2017-7673 Security Bypass Vulnerability
3432| [99586] Apache OpenMeetings CVE-2017-7688 Security Bypass Vulnerability
3433| [99584] Apache OpenMeetings CVE-2017-7684 Denial of Service Vulnerability
3434| [99577] Apache OpenMeetings CVE-2017-7663 Cross Site Scripting Vulnerability
3435| [99576] Apache OpenMeetings CVE-2017-7664 XML External Entity Injection Vulnerability
3436| [99569] Apache HTTP Server CVE-2017-9788 Memory Corruption Vulnerability
3437| [99568] Apache HTTP Server CVE-2017-9789 Denial of Service Vulnerability
3438| [99563] Apache Struts CVE-2017-7672 Denial of Service Vulnerability
3439| [99562] Apache Struts Spring AOP Functionality Denial of Service Vulnerability
3440| [99509] Apache Impala CVE-2017-5652 Information Disclosure Vulnerability
3441| [99508] Apache IMPALA CVE-2017-5640 Authentication Bypass Vulnerability
3442| [99486] Apache Traffic Control CVE-2017-7670 Denial of Service Vulnerability
3443| [99485] Apache Solr CVE-2017-7660 Security Bypass Vulnerability
3444| [99484] Apache Struts CVE-2017-9791 Remote Code Execution Vulnerability
3445| [99292] Apache Ignite CVE-2017-7686 Information Disclosure Vulnerability
3446| [99170] Apache HTTP Server CVE-2017-7679 Buffer Overflow Vulnerability
3447| [99137] Apache HTTP Server CVE-2017-7668 Denial of Service Vulnerability
3448| [99135] Apache HTTP Server CVE-2017-3167 Authentication Bypass Vulnerability
3449| [99134] Apache HTTP Server CVE-2017-3169 Denial of Service Vulnerability
3450| [99132] Apache HTTP Server CVE-2017-7659 Denial of Service Vulnerability
3451| [99112] Apache Thrift CVE-2015-3254 Denial of Service Vulnerability
3452| [99067] Apache Ranger CVE-2016-8751 HTML Injection Vulnerability
3453| [99018] Apache NiFi CVE-2017-7667 Cross Frame Scripting Vulnerability
3454| [99009] Apache NiFi CVE-2017-7665 Cross Site Scripting Vulnerability
3455| [98961] Apache Ranger CVE-2017-7677 Security Bypass Vulnerability
3456| [98958] Apache Ranger CVE-2017-7676 Security Bypass Vulnerability
3457| [98888] Apache Tomcat CVE-2017-5664 Security Bypass Vulnerability
3458| [98814] Apache Zookeeper CVE-2017-5637 Denial of Service Vulnerability
3459| [98795] Apache Hadoop CVE-2017-7669 Remote Privilege Escalation Vulnerability
3460| [98739] Apache Knox CVE-2017-5646 User Impersonation Vulnerability
3461| [98669] Apache Hive CVE-2016-3083 Security Bypass Vulnerability
3462| [98646] Apache Atlas CVE-2016-8752 Information Disclosure Vulnerability
3463| [98570] Apache Archiva CVE-2017-5657 Multiple Cross-Site Request Forgery Vulnerabilities
3464| [98489] Apache CXF Fediz CVE-2017-7661 Multiple Cross Site Request Forgery Vulnerabilities
3465| [98485] Apache CXF Fediz CVE-2017-7662 Cross Site Request Forgery Vulnerability
3466| [98466] Apache Ambari CVE-2017-5655 Insecure Temporary File Handling Vulnerability
3467| [98365] Apache Cordova For Android CVE-2016-6799 Information Disclosure Vulnerability
3468| [98025] Apache Hadoop CVE-2017-3161 Cross Site Scripting Vulnerability
3469| [98017] Apache Hadoop CVE-2017-3162 Input Validation Vulnerability
3470| [97971] Apache CXF CVE-2017-5656 Information Disclosure Vulnerability
3471| [97968] Apache CXF CVE-2017-5653 Spoofing Vulnerability
3472| [97967] Apache ActiveMQ CVE-2015-7559 Denial of Service Vulnerability
3473| [97949] Apache Traffic Server CVE-2017-5659 Denial of Service Vulnerability
3474| [97948] Apache Batik CVE-2017-5662 XML External Entity Information Disclosure Vulnerability
3475| [97947] Apache FOP CVE-2017-5661 XML External Entity Information Disclosure Vulnerability
3476| [97945] Apache Traffic Server CVE-2016-5396 Denial of Service Vulnerability
3477| [97702] Apache Log4j CVE-2017-5645 Remote Code Execution Vulnerability
3478| [97582] Apache CXF CVE-2016-6812 Cross Site Scripting Vulnerability
3479| [97579] Apache CXF JAX-RS CVE-2016-8739 XML External Entity Injection Vulnerability
3480| [97544] Apache Tomcat CVE-2017-5651 Information Disclosure Vulnerability
3481| [97531] Apache Tomcat CVE-2017-5650 Denial of Service Vulnerability
3482| [97530] Apache Tomcat CVE-2017-5648 Information Disclosure Vulnerability
3483| [97509] Apache Ignite CVE-2016-6805 Information Disclosure and XML External Entity Injection Vulnerabilities
3484| [97383] Apache Flex BlazeDS CVE-2017-5641 Remote Code Execution Vulnerability
3485| [97378] Apache Geode CVE-2017-5649 Information Disclosure Vulnerability
3486| [97229] Apache Ambari CVE-2016-4976 Local Information Disclosure Vulnerability
3487| [97226] Apache Camel CVE-2017-5643 Server Side Request Forgery Security Bypass Vulnerability
3488| [97184] Apache Ambari CVE-2016-6807 Remote Command Execution Vulnerability
3489| [97179] Apache Camel CVE-2016-8749 Java Deserialization Multiple Remote Code Execution Vulnerabilities
3490| [96983] Apache POI CVE-2017-5644 Denial Of Service Vulnerability
3491| [96895] Apache Tomcat CVE-2016-8747 Information Disclosure Vulnerability
3492| [96731] Apache NiFi CVE-2017-5636 Remote Code Injection Vulnerability
3493| [96730] Apache NiFi CVE-2017-5635 Security Bypass Vulnerability
3494| [96729] Apache Struts CVE-2017-5638 Remote Code Execution Vulnerability
3495| [96540] IBM Development Package for Apache Spark CVE-2016-4970 Denial of Service Vulnerability
3496| [96398] Apache CXF CVE-2017-3156 Information Disclosure Vulnerability
3497| [96321] Apache Camel CVE-2017-3159 Remote Code Execution Vulnerability
3498| [96293] Apache Tomcat 'http11/AbstractInputBuffer.java' Denial of Service Vulnerability
3499| [96228] Apache Brooklyn Cross Site Request Forgery and Multiple Cross Site Scripting Vulnerabilities
3500| [95998] Apache Ranger CVE-2016-8746 Security Bypass Vulnerability
3501| [95929] Apache Groovy CVE-2016-6497 Information Disclosure Vulnerability
3502| [95838] Apache Cordova For Android CVE-2017-3160 Man in the Middle Security Bypass Vulnerability
3503| [95675] Apache Struts Remote Code Execution Vulnerability
3504| [95621] Apache NiFi CVE-2106-8748 Cross Site Scripting Vulnerability
3505| [95429] Apache Groovy CVE-2016-6814 Remote Code Execution Vulnerability
3506| [95335] Apache Hadoop CVE-2016-3086 Information Disclosure Vulnerability
3507| [95168] Apache Wicket CVE-2016-6793 Denial of Service Vulnerability
3508| [95136] Apache Qpid Broker for Java CVE-2016-8741 Remote Information Disclosure Vulnerability
3509| [95078] Apache HTTP Server CVE-2016-0736 Remote Security Vulnerability
3510| [95077] Apache HTTP Server CVE-2016-8743 Security Bypass Vulnerability
3511| [95076] Apache HTTP Server CVE-2016-2161 Denial of Service Vulnerability
3512| [95020] Apache Tika CVE-2015-3271 Remote Information Disclosure Vulnerability
3513| [94950] Apache Hadoop CVE-2016-5001 Local Information Disclosure Vulnerability
3514| [94882] Apache ActiveMQ CVE-2016-6810 HTML Injection Vulnerability
3515| [94828] Apache Tomcat CVE-2016-8745 Information Disclosure Vulnerability
3516| [94766] Apache CouchDB CVE-2016-8742 Local Privilege Escalation Vulnerability
3517| [94657] Apache Struts CVE-2016-8738 Denial of Service Vulnerability
3518| [94650] Apache HTTP Server CVE-2016-8740 Denial of Service Vulnerability
3519| [94588] Apache Subversion CVE-2016-8734 XML External Entity Denial of Service Vulnerability
3520| [94513] Apache Karaf CVE-2016-8648 Remote Code Execution Vulnerability
3521| [94463] Apache Tomcat CVE-2016-8735 Remote Code Execution Vulnerability
3522| [94462] Apache Tomcat CVE-2016-6817 Denial of Service Vulnerability
3523| [94461] Apache Tomcat CVE-2016-6816 Security Bypass Vulnerability
3524| [94418] Apache OpenOffice CVE-2016-6803 Local Privilege Escalation Vulnerability
3525| [94247] Apache Tika CVE-2016-6809 Remote Code Execution Vulnerability
3526| [94221] Apache Ranger CVE-2016-6815 Local Privilege Escalation Vulnerability
3527| [94145] Apache OpenMeetings CVE-2016-8736 Remote Code Execution Vulnerability
3528| [93945] Apache CloudStack CVE-2016-6813 Authorization Bypass Vulnerability
3529| [93944] Apache Tomcat Security Manager CVE-2016-6796 Security Bypass Vulnerability
3530| [93943] Apache Tomcat CVE-2016-6794 Security Bypass Vulnerability
3531| [93942] Apache Tomcat Security Manager CVE-2016-5018 Security Bypass Vulnerability
3532| [93940] Apache Tomcat CVE-2016-6797 Security Bypass Vulnerability
3533| [93939] Apache Tomcat CVE-2016-0762 Information Disclosure Vulnerability
3534| [93774] Apache OpenOffice CVE-2016-6804 DLL Loading Remote Code Execution Vulnerability
3535| [93773] Apache Struts CVE-2016-6795 Directory Traversal Vulnerability
3536| [93478] Apache Tomcat CVE-2016-6325 Local Privilege Escalation Vulnerability
3537| [93472] Apache Tomcat CVE-2016-5425 Insecure File Permissions Vulnerability
3538| [93429] Apache Tomcat JK Connector CVE-2016-6808 Remote Buffer Overflow Vulnerability
3539| [93263] Apache Tomcat CVE-2016-1240 Local Privilege Escalation Vulnerability
3540| [93236] Apache MyFaces Trinidad CVE-2016-5019 Remote Code Execution Vulnerability
3541| [93142] Apache ActiveMQ Artemis CVE-2016-4978 Remote Code Execution Vulnerability
3542| [93132] Apache Derby CVE-2015-1832 XML External Entity Information Disclosure Vulnerability
3543| [93044] Apache Zookeeper CVE-2016-5017 Buffer Overflow Vulnerability
3544| [92966] Apache Jackrabbit CVE-2016-6801 Cross-Site Request Forgery Vulnerability
3545| [92947] Apache Shiro CVE-2016-6802 Remote Security Bypass Vulnerability
3546| [92905] Apache CXF Fediz CVE-2016-4464 Security Bypass Vulnerability
3547| [92577] Apache Ranger CVE-2016-5395 HTML Injection Vulnerability
3548| [92331] Apache HTTP Server CVE-2016-1546 Remote Denial of Service Vulnerability
3549| [92328] Apache Hive CVE-2016-0760 Multiple Remote Code Execution Vulnerabilities
3550| [92320] Apache APR-util and httpd CVE-2016-6312 Denial of Service Vulnerability
3551| [92100] Apache POI CVE-2016-5000 XML External Entity Injection Vulnerability
3552| [92079] Apache OpenOffice CVE-2016-1513 Remote Code Execution Vulnerability
3553| [91818] Apache Tomcat CVE-2016-5388 Security Bypass Vulnerability
3554| [91816] Apache HTTP Server CVE-2016-5387 Security Bypass Vulnerability
3555| [91788] Apache Qpid Proton CVE-2016-4467 Certificate Verification Security Bypass Vulnerability
3556| [91738] Apache XML-RPC CVE-2016-5003 Remote Code Execution Vulnerability
3557| [91736] Apache XML-RPC Multiple Security Vulnerabilities
3558| [91707] Apache Archiva CVE-2016-5005 HTML Injection Vulnerability
3559| [91703] Apache Archiva CVE-2016-4469 Multiple Cross-Site Request Forgery Vulnerabilities
3560| [91566] Apache HTTP Server CVE-2016-4979 Authentication Bypass Vulnerability
3561| [91537] Apache QPID CVE-2016-4974 Deserialization Security Bypass Vulnerability
3562| [91501] Apache Xerces-C CVE-2016-4463 Stack Buffer Overflow Vulnerability
3563| [91453] Apache Commons FileUpload CVE-2016-3092 Denial Of Service Vulnerability
3564| [91284] Apache Struts CVE-2016-4431 Security Bypass Vulnerability
3565| [91282] Apache Struts CVE-2016-4433 Security Bypass Vulnerability
3566| [91281] Apache Struts CVE-2016-4430 Cross-Site Request Forgery Vulnerability
3567| [91280] Apache Struts CVE-2016-4436 Security Bypass Vulnerability
3568| [91278] Apache Struts CVE-2016-4465 Denial of Service Vulnerability
3569| [91277] Apache Struts Incomplete Fix Remote Code Execution Vulnerability
3570| [91275] Apache Struts CVE-2016-4438 Remote Code Execution Vulnerability
3571| [91217] Apache Continuum 'saveInstallation.action' Command Execution Vulnerability
3572| [91141] Apache CloudStack CVE-2016-3085 Authentication Bypass Vulnerability
3573| [91068] Apache Struts CVE-2016-1181 Remote Code Execution Vulnerability
3574| [91067] Apache Struts CVE-2016-1182 Security Bypass Vulnerability
3575| [91024] Apache Shiro CVE-2016-4437 Information Disclosure Vulnerability
3576| [90988] Apache Ranger CVE-2016-2174 SQL Injection Vulnerability
3577| [90961] Apache Struts CVE-2016-3093 Denial of Service Vulnerability
3578| [90960] Apache Struts CVE-2016-3087 Remote Code Execution Vulnerability
3579| [90921] Apache Qpid CVE-2016-4432 Authentication Bypass Vulnerability
3580| [90920] Apache Qpid CVE-2016-3094 Denial of Service Vulnerability
3581| [90902] Apache PDFBox CVE-2016-2175 XML External Entity Injection Vulnerability
3582| [90897] Apache Tika CVE-2016-4434 XML External Entity Injection Vulnerability
3583| [90827] Apache ActiveMQ CVE-2016-3088 Multiple Arbitrary File Upload Vulnerabilities
3584| [90755] Apache Ambari CVE-2016-0707 Multiple Local Information Disclosure Vulnerabilities
3585| [90482] Apache CVE-2004-1387 Local Security Vulnerability
3586| [89762] Apache CVE-2001-1556 Remote Security Vulnerability
3587| [89417] Apache Subversion CVE-2016-2167 Authentication Bypass Vulnerability
3588| [89326] RETIRED: Apache Subversion CVE-2016-2167 Security Bypass Vulnerability
3589| [89320] Apache Subversion CVE-2016-2168 Remote Denial of Service Vulnerability
3590| [88826] Apache Struts CVE-2016-3082 Remote Code Execution Vulnerability
3591| [88797] Apache Cordova For iOS CVE-2015-5208 Arbitrary Code Execution Vulnerability
3592| [88764] Apache Cordova iOS CVE-2015-5207 Multiple Security Bypass Vulnerabilities
3593| [88701] Apache CVE-2001-1449 Remote Security Vulnerability
3594| [88635] Apache CVE-2000-1204 Remote Security Vulnerability
3595| [88590] Apache WWW server CVE-1999-1199 Denial-Of-Service Vulnerability
3596| [88496] Apache CVE-2000-1206 Remote Security Vulnerability
3597| [87828] Apache CVE-1999-1237 Remote Security Vulnerability
3598| [87784] Apache CVE-1999-1293 Denial-Of-Service Vulnerability
3599| [87327] Apache Struts CVE-2016-3081 Remote Code Execution Vulnerability
3600| [86622] Apache Stats CVE-2007-0975 Remote Security Vulnerability
3601| [86399] Apache CVE-2007-1743 Local Security Vulnerability
3602| [86397] Apache CVE-2007-1742 Local Security Vulnerability
3603| [86311] Apache Struts CVE-2016-4003 Cross Site Scripting Vulnerability
3604| [86174] Apache Wicket CVE-2015-5347 Cross Site Scripting Vulnerability
3605| [85971] Apache OFBiz CVE-2016-2170 Java Deserialization Remote Code Execution Vulnerability
3606| [85967] Apache OFBiz CVE-2015-3268 HTML Injection Vulnerability
3607| [85759] Apache Jetspeed CVE-2016-2171 Unauthorized Access Vulnerability
3608| [85758] Apache Jetspeed CVE-2016-0712 Cross Site Scripting Vulnerability
3609| [85756] Apache Jetspeed CVE-2016-0710 Multiple SQL Injection Vulnerabilities
3610| [85755] Apache Jetspeed CVE-2016-0711 Multiple HTML Injection Vulnerabilities
3611| [85754] Apache Jetspeed CVE-2016-0709 Directory Traversal Vulnerability
3612| [85730] Apache Subversion CVE-2015-5343 Integer Overflow Vulnerability
3613| [85691] Apache Ranger CVE-2016-0735 Security Bypass Vulnerability
3614| [85578] Apache ActiveMQ CVE-2010-1244 Cross-Site Request Forgery Vulnerability
3615| [85554] Apache OpenMeetings CVE-2016-2164 Multiple Information Disclosure Vulnerabilities
3616| [85553] Apache OpenMeetings CVE-2016-0783 Information Disclosure Vulnerability
3617| [85552] Apache OpenMeetings CVE-2016-2163 HTML Injection Vulnerability
3618| [85550] Apache OpenMeetings CVE-2016-0784 Directory Traversal Vulnerability
3619| [85386] Apache Hadoop CVE-2015-7430 Local Privilege Escalation Vulnerability
3620| [85377] Apache Qpid Proton Python API CVE-2016-2166 Man in the Middle Security Bypass Vulnerability
3621| [85205] Apache Solr CVE-2015-8796 Cross Site Scripting Vulnerability
3622| [85203] Apache Solr CVE-2015-8795 Multiple HTML Injection Vulnerabilities
3623| [85163] Apache Geronimo CVE-2008-0732 Local Security Vulnerability
3624| [85131] Apache Struts 'TextParseUtil.translateVariables()' Method Remote Code Execution Vulnerability
3625| [85070] Apache Struts CVE-2016-2162 Cross Site Scripting Vulnerability
3626| [85066] Apache Struts CVE-2016-0785 Remote Code Execution Vulnerability
3627| [84422] Apache TomEE CVE-2016-0779 Unspecified Security Vulnerability
3628| [84321] Apache ActiveMQ CVE-2016-0734 Clickjacking Vulnerability
3629| [84316] Apache ActiveMQ CVE-2016-0782 Multiple Cross Site Scripting Vulnerabilities
3630| [83910] Apache Wicket CVE-2015-7520 Cross Site Scripting Vulnerability
3631| [83423] Apache Xerces-C CVE-2016-0729 Buffer Overflow Vulnerability
3632| [83330] Apache Tomcat CVE-2015-5351 Cross Site Request Forgery Vulnerability
3633| [83329] Apache Tomcat CVE-2015-5174 Directory Traversal Vulnerability
3634| [83328] Apache Tomcat CVE-2015-5345 Directory Traversal Vulnerability
3635| [83327] Apache Tomcat Security Manager CVE-2016-0714 Remote Code Execution Vulnerability
3636| [83326] Apache Tomcat CVE-2016-0763 Security Bypass Vulnerability
3637| [83324] Apache Tomcat Security Manager CVE-2016-0706 Information Disclosure Vulnerability
3638| [83323] Apache Tomcat CVE-2015-5346 Session Fixation Vulnerability
3639| [83259] Apache Hadoop CVE-2015-1776 Information Disclosure Vulnerability
3640| [83243] Apache Solr CVE-2015-8797 Cross Site Scripting Vulnerability
3641| [83119] Apache Sling CVE-2016-0956 Information Disclosure Vulnerability
3642| [83002] Apache CVE-2000-1205 Cross-Site Scripting Vulnerability
3643| [82871] Apache Ranger Authentication Bypass and Security Bypass Vulnerabilities
3644| [82800] Apache CloudStack CVE-2015-3251 Information Disclosure Vulnerability
3645| [82798] Apache CloudStack CVE-2015-3252 Authentication Bypass Vulnerability
3646| [82732] Apache Gallery CVE-2003-0771 Local Security Vulnerability
3647| [82676] Apache CVE-2003-1581 Cross-Site Scripting Vulnerability
3648| [82550] Apache Struts CVE-2015-5209 Security Bypass Vulnerability
3649| [82300] Apache Subversion CVE-2015-5259 Integer Overflow Vulnerability
3650| [82260] Apache Camel CVE-2015-5344 Remote Code Execution Vulnerability
3651| [82234] Apache Hive CVE-2015-7521 Security Bypass Vulnerability
3652| [82082] Apache CVE-1999-0289 Remote Security Vulnerability
3653| [81821] Apache Distribution for Solaris CVE-2007-2080 SQL-Injection Vulnerability
3654| [80696] Apache Camel CVE-2015-5348 Information Disclosure Vulnerability
3655| [80525] Apache CVE-2003-1580 Remote Security Vulnerability
3656| [80354] Drupal Apache Solr Search Module Access Bypass Vulnerability
3657| [80193] Apache CVE-1999-0107 Denial-Of-Service Vulnerability
3658| [79812] Apache Directory Studio CVE-2015-5349 Command Injection Vulnerability
3659| [79744] Apache HBase CVE-2015-1836 Unauthorized Access Vulnerability
3660| [79204] Apache TomEE 'EjbObjectInputStream' Remote Code Execution Vulnerability
3661| [77679] Apache Cordova For Android CVE-2015-8320 Weak Randomization Security Bypass Vulnerability
3662| [77677] Apache Cordova For Android CVE-2015-5256 Security Bypass Vulnerability
3663| [77591] Apache CXF SAML SSO Processing CVE-2015-5253 Security Bypass Vulnerability
3664| [77521] Apache Commons Collections 'InvokerTransformer.java' Remote Code Execution Vulnerability
3665| [77110] Apache HttpComponents HttpClient CVE-2015-5262 Denial of Service Vulnerability
3666| [77086] Apache Ambari CVE-2015-1775 Server Side Request Forgery Security Bypass Vulnerability
3667| [77085] Apache Ambari CVE-2015-3270 Remote Privilege Escalation Vulnerability
3668| [77082] Apache Ambari 'targetURI' Parameter Open Redirection Vulnerability
3669| [77059] Apache Ambari CVE-2015-3186 Cross Site Scripting Vulnerability
3670| [76933] Apache James Server Unspecified Command Execution Vulnerability
3671| [76832] Apache cordova-plugin-file-transfer CVE-2015-5204 HTTP Header Injection Vulnerability
3672| [76625] Apache Struts CVE-2015-5169 Cross Site Scripting Vulnerability
3673| [76624] Apache Struts CVE-2015-2992 Cross Site Scripting Vulnerability
3674| [76522] Apache Tapestry CVE-2014-1972 Security Bypass Vulnerability
3675| [76486] Apache CXF Fediz CVE-2015-5175 Denial of Service Vulnerability
3676| [76452] Apache ActiveMQ CVE-2015-1830 Directory Traversal Vulnerability
3677| [76446] Apache Subversion 'libsvn_fs_fs/tree.c' Denial of Service Vulnerability
3678| [76274] Apache Subversion CVE-2015-3184 Information Disclosure Vulnerability
3679| [76273] Apache Subversion CVE-2015-3187 Information Disclosure Vulnerability
3680| [76272] Apache ActiveMQ CVE-2014-3576 Denial of Service Vulnerability
3681| [76221] Apache Ranger CVE-2015-0266 Access Bypass Vulnerability
3682| [76208] Apache Ranger CVE-2015-0265 JavaScript Code Injection Vulnerability
3683| [76025] Apache ActiveMQ Artemis CVE-2015-3208 XML External Entity Information Disclosure Vulnerability
3684| [75965] Apache HTTP Server CVE-2015-3185 Security Bypass Vulnerability
3685| [75964] Apache HTTP Server CVE-2015-0253 Remote Denial of Service Vulnerability
3686| [75963] Apache HTTP Server CVE-2015-3183 Security Vulnerability
3687| [75940] Apache Struts CVE-2015-1831 Security Bypass Vulnerability
3688| [75919] Apache Groovy CVE-2015-3253 Remote Code Execution Vulnerability
3689| [75338] Apache Storm CVE-2015-3188 Remote Code Execution Vulnerability
3690| [75275] Drupal Apache Solr Real-Time Module Access Bypass Vulnerability
3691| [74866] Apache Cordova For Android CVE-2015-1835 Security Bypass Vulnerability
3692| [74839] Apache Sling API and Sling Servlets CVE-2015-2944 Cross Site Scripting Vulnerability
3693| [74761] Apache Jackrabbit CVE-2015-1833 XML External Entity Information Disclosure Vulnerability
3694| [74686] Apache Ambari '/var/lib/ambari-server/ambari-env.sh' Local Privilege Escalation Vulnerability
3695| [74665] Apache Tomcat CVE-2014-7810 Security Bypass Vulnerability
3696| [74475] Apache Tomcat CVE-2014-0230 Denial of Service Vulnerability
3697| [74423] Apache Struts CVE-2015-0899 Security Bypass Vulnerability
3698| [74338] Apache OpenOffice HWP Filter Memory Corruption Vulnerability
3699| [74265] Apache Tomcat 'mod_jk' CVE-2014-8111 Information Disclosure Vulnerability
3700| [74260] Apache Subversion CVE-2015-0248 Multiple Denial of Service Vulnerabilities
3701| [74259] Apache Subversion 'deadprops.c' Security Bypass Vulnerability
3702| [74204] PHP 'sapi/apache2handler/sapi_apache2.c' Remote Code Execution Vulnerability
3703| [74158] Apache HTTP Server 'protocol.c' Remote Denial of Service Vulnerability
3704| [73954] Apache Flex 'asdoc/templates/index.html' Cross Site Scripting Vulnerability
3705| [73851] Apache2 CVE-2012-0216 Cross-Site Scripting Vulnerability
3706| [73478] Apache Cassandra CVE-2015-0225 Remote Code Execution Vulnerability
3707| [73041] Apache HTTP Server 'mod_lua' Module Denial of Service Vulnerability
3708| [73040] Apache HTTP Server 'mod_lua.c' Local Access Bypass Vulnerability
3709| [72809] Apache Standard Taglibs CVE-2015-0254 XML External Entity Injection Vulnerability
3710| [72717] Apache Tomcat CVE-2014-0227 Chunk Request Remote Denial Of Service Vulnerability
3711| [72557] Apache WSS4J CVE-2015-0227 Security Bypass Vulnerability
3712| [72553] Apache WSS4J CVE-2015-0226 Information Disclosure Vulnerability
3713| [72513] Apache ActiveMQ CVE-2014-3612 LDAP Authentication Bypass Vulnerability
3714| [72511] Apache ActiveMQ CVE-2014-8110 Multiple Cross Site Scripting Vulnerabilities
3715| [72510] Apache ActiveMQ CVE-2014-3600 XML External Entity Injection Vulnerability
3716| [72508] Apache ActiveMQ Apollo CVE-2014-3579 XML External Entity Injection Vulnerability
3717| [72319] Apache Qpid CVE-2015-0223 Security Bypass Vulnerability
3718| [72317] Apache Qpid CVE-2015-0224 Incomplete Fix Multiple Denial of Service Vulnerabilities
3719| [72115] Apache Santuario 'XML Signature Verification' Security Bypass Vulnerability
3720| [72053] Apache HTTP Server 'mod_remoteip.c' IP Address Spoofing Vulnerability
3721| [72030] Apache Qpid CVE-2015-0203 Multiple Denial of Service Vulnerabilities
3722| [71879] Apache Traffic Server 'HttpTransact.cc' Denial of Service Vulnerability
3723| [71726] Apache Subversion CVE-2014-3580 Remote Denial of Service Vulnerability
3724| [71725] Apache Subversion CVE-2014-8108 Remote Denial of Service Vulnerability
3725| [71657] Apache HTTP Server 'mod_proxy_fcgi' Module Denial of Service Vulnerability
3726| [71656] Apache HTTP Server 'mod_cache' Module Denial of Service Vulnerability
3727| [71548] Apache Struts CVE-2014-7809 Security Bypass Vulnerability
3728| [71466] Apache Hadoop CVE-2014-3627 Information Disclosure Vulnerability
3729| [71353] Apache HTTP Server 'LuaAuthzProvider' Authorization Bypass Vulnerability
3730| [71004] Apache Qpid CVE-2014-3629 XML External Entity Injection Vulnerability
3731| [70970] Apache Traffic Server Cross Site Scripting Vulnerability
3732| [70738] Apache CXF CVE-2014-3584 Denial of Service Vulnerability
3733| [70736] Apache CXF SAML SubjectConfirmation Security Bypass Vulnerability
3734| [69728] Apache Tomcat CVE-2013-4444 Arbitrary File Upload Vulnerability
3735| [69648] Apache POI CVE-2014-3574 Denial Of Service Vulnerability
3736| [69647] Apache POI OpenXML parser CVE-2014-3529 XML External Entity Information Disclosure Vulnerability
3737| [69351] Apache OpenOffice Calc CVE-2014-3524 Command Injection Vulnerability
3738| [69295] Apache Axis Incomplete Fix CVE-2014-3596 SSL Certificate Validation Security Bypass Vulnerability
3739| [69286] Apache OFBiz CVE-2014-0232 Multiple Cross Site Scripting Vulnerabilities
3740| [69258] Apache HttpComponents Incomplete Fix CVE-2014-3577 SSL Validation Security Bypass Vulnerability
3741| [69257] Apache HttpComponents Incomplete Fix SSL Certificate Validation Security Bypass Vulnerability
3742| [69248] Apache HTTP Server CVE-2013-4352 Remote Denial of Service Vulnerability
3743| [69237] Apache Subversion CVE-2014-3522 SSL Certificate Validation Information Disclosure Vulnerability
3744| [69173] Apache Traffic Server CVE-2014-3525 Unspecified Security Vulnerability
3745| [69046] Apache Cordova For Android CVE-2014-3502 Information Disclosure Vulnerability
3746| [69041] Apache Cordova For Android CVE-2014-3501 Security Bypass Vulnerability
3747| [69038] Apache Cordova For Android CVE-2014-3500 Security Bypass Vulnerability
3748| [68995] Apache Subversion CVE-2014-3528 Insecure Authentication Weakness
3749| [68966] Apache Subversion 'irkerbridge.py' Local Privilege Escalation Vulnerability
3750| [68965] Apache Subversion 'svnwcsub.py' Local Privilege Escalation Vulnerability
3751| [68863] Apache HTTP Server 'mod_cache' Module Remote Denial of Service Vulnerability
3752| [68747] Apache HTTP Server CVE-2014-3523 Remote Denial of Service Vulnerability
3753| [68745] Apache HTTP Server CVE-2014-0118 Remote Denial of Service Vulnerability
3754| [68742] Apache HTTP Server CVE-2014-0231 Remote Denial of Service Vulnerability
3755| [68740] Apache HTTP Server CVE-2014-0117 Remote Denial of Service Vulnerability
3756| [68678] Apache HTTP Server 'mod_status' CVE-2014-0226 Remote Code Execution Vulnerability
3757| [68445] Apache CXF UsernameToken Information Disclosure Vulnerability
3758| [68441] Apache CXF SAML Tokens Validation Security Bypass Vulnerability
3759| [68431] Apache Syncope CVE-2014-3503 Insecure Password Generation Weakness
3760| [68229] Apache Harmony PRNG Entropy Weakness
3761| [68111] Apache 'mod_wsgi' Module Privilege Escalation Vulnerability
3762| [68072] Apache Tomcat CVE-2014-0186 Remote Denial of Service Vulnerability
3763| [68039] Apache Hive CVE-2014-0228 Security Bypass Vulnerability
3764| [67673] Apache Tomcat CVE-2014-0095 AJP Request Remote Denial Of Service Vulnerability
| [67671] Apache Tomcat CVE-2014-0075 Chunk Request Remote Denial Of Service Vulnerability
| [67669] Apache Tomcat CVE-2014-0119 XML External Entity Information Disclosure Vulnerability
| [67668] Apache Tomcat CVE-2014-0099 Request Processing Information Disclosure Vulnerability
| [67667] Apache Tomcat CVE-2014-0096 XML External Entity Information Disclosure Vulnerability
| [67534] Apache 'mod_wsgi' Module CVE-2014-0242 Information Disclosure Vulnerability
| [67532] Apache 'mod_wsgi' Module Local Privilege Escalation Vulnerability
| [67530] Apache Solr Search Template Cross Site Scripting Vulnerability
| [67236] Apache CXF CVE-2014-0109 Remote Denial of Service Vulnerability
| [67232] Apache CXF CVE-2014-0110 Denial of Service Vulnerability
| [67121] Apache Struts ClassLoader Manipulation CVE-2014-0114 Security Bypass Vulnerability
| [67081] Apache Struts 'getClass()' Method Security Bypass Vulnerability
| [67064] Apache Struts ClassLoader Manipulation Incomplete Fix Security Bypass Vulnerability
| [67013] Apache Zookeeper CVE-2014-0085 Local Information Disclosure Vulnerability
| [66998] Apache Archiva CVE-2013-2187 Unspecified Cross Site Scripting Vulnerability
| [66991] Apache Archiva CVE-2013-2187 HTML Injection Vulnerability
| [66927] Apache Syncope CVE-2014-0111 Remote Code Execution Vulnerability
| [66474] Apache CouchDB Universally Unique IDentifier (UUID) Remote Denial of Service Vulnerability
| [66397] Apache Xalan-Java Library CVE-2014-0107 Security Bypass Vulnerability
| [66303] Apache HTTP Server Multiple Denial of Service Vulnerabilities
| [66041] RETIRED: Apache Struts CVE-2014-0094 Classloader Manipulation Security Bypass Vulnerability
| [65999] Apache Struts ClassLoader Manipulation CVE-2014-0094 Security Bypass Vulnerability
| [65967] Apache Cordova File-Transfer Unspecified Security Vulnerability
| [65959] Apache Cordova InAppBrowser Remote Privilege Escalation Vulnerability
| [65935] Apache Shiro 'login.jsp' Authentication Bypass Vulnerability
| [65902] Apache Camel CVE-2014-0003 Remote Code Execution Vulnerability
| [65901] Apache Camel CVE-2014-0002 XML External Entity Information Disclosure Vulnerability
| [65773] Apache Tomcat CVE-2013-4286 Security Bypass Vulnerability
| [65769] Apache Tomcat CVE-2014-0033 Session Fixation Vulnerability
| [65768] Apache Tomcat CVE-2013-4590 XML External Entity Information Disclosure Vulnerability
| [65767] Apache Tomcat CVE-2013-4322 Incomplete Fix Denial of Service Vulnerability
| [65615] Apache ActiveMQ 'refresh' Parameter Cross Site Scripting Vulnerability
| [65434] Apache Subversion 'mod_dav_svn' Module SVNListParentPath Denial of Service Vulnerability
| [65431] Apache Wicket CVE-2013-2055 Information Disclosure Vulnerability
| [65400] Apache Commons FileUpload CVE-2014-0050 Denial Of Service Vulnerability
| [64782] Apache CloudStack Virtual Router Component Security Bypass Vulnerability
| [64780] Apache CloudStack Unauthorized Access Vulnerability
| [64617] Apache Libcloud Digital Ocean API Local Information Disclosure Vulnerability
| [64437] Apache Santuario XML Security For JAVA XML Signature Denial of Service Vulnerability
| [64427] Apache Solr Multiple XML External Entity Injection Vulnerabilities
| [64009] Apache Solr CVE-2013-6408 XML External Entity Injection Vulnerability
| [64008] Apache Solr CVE-2013-6407 XML External Entity Injection Vulnerability
| [63981] Apache Subversion 'mod_dav_svn' Module Denial of Service Vulnerability
| [63966] Apache Subversion CVE-2013-4505 Security Bypass Vulnerability
| [63963] Apache Roller CVE-2013-4171 Cross Site Scripting Vulnerability
| [63935] Apache Solr 'SolrResourceLoader' Directory Traversal Vulnerability
| [63928] Apache Roller CVE-2013-4212 OGNL Expression Injection Remote Code Execution Vulnerability
| [63515] Apache Tomcat Manager Component CVE-2013-6357 Cross Site Request Forgery Vulnerability
| [63403] Apache Struts Multiple Cross Site Scripting Vulnerabilities
| [63400] Apache 'mod_pagespeed' Module Unspecified Cross Site Scripting Vulnerability
| [63260] Apache Shindig CVE-2013-4295 XML External Entity Information Disclosure Vulnerability
| [63241] Apache Sling 'AbstractAuthenticationFormServlet' Open Redirection Vulnerability
| [63174] Apache Commons FileUpload 'DiskFileItem' Class Null Byte Arbitrary File Write Vulnerability
| [62939] Apache 'mod_fcgid' Module CVE-2013-4365 Heap Buffer Overflow Vulnerability
| [62903] Apache Sling 'deepGetOrCreateNode()' Function Denial Of Service Vulnerability
| [62706] Apache Camel CVE-2013-4330 Information Disclosure Vulnerability
| [62677] Apache 'mod_accounting' Module CVE-2013-5697 SQL Injection Vulnerability
| [62674] TYPO3 Apache Solr Unspecified Cross Site Scripting and PHP Code Execution Vulnerabilities
| [62587] Apache Struts CVE-2013-4316 Remote Code Execution Vulnerability
| [62584] Apache Struts CVE-2013-4310 Security Bypass Vulnerability
| [62266] Apache Subversion CVE-2013-4277 Insecure Temporary File Creation Vulnerability
| [61984] Apache Hadoop RPC Authentication CVE-2013-2192 Man in the Middle Security Bypass Vulnerability
| [61981] Apache HBase RPC Authentication Man In The Middle Security Bypass Vulnerability
| [61638] Apache CloudStack CVE-2013-2136 Multiple Cross Site Scripting Vulnerabilities
| [61454] Apache Subversion CVE-2013-4131 Denial Of Service Vulnerability
| [61379] Apache HTTP Server CVE-2013-2249 Unspecified Remote Security Vulnerability
| [61370] Apache OFBiz CVE-2013-2317 'View Log' Cross Site Scripting Vulnerability
| [61369] Apache OFBiz Nested Expression Remote Code Execution Vulnerability
| [61196] Apache Struts CVE-2013-2248 Multiple Open Redirection Vulnerabilities
| [61189] Apache Struts CVE-2013-2251 Multiple Remote Command Execution Vulnerabilities
| [61129] Apache HTTP Server CVE-2013-1896 Remote Denial of Service Vulnerability
| [61030] Apache CXF CVE-2013-2160 Multiple Remote Denial of Service Vulnerabilities
| [60875] Apache Geronimo RMI Classloader Security Bypass Vulnerability
| [60846] Apache Santuario XML Security for JAVA XML Signature CVE-2013-2172 Security Bypass Vulnerability
| [60817] Apache Santuario XML Security for C++ CVE-2013-2210 Heap Buffer Overflow Vulnerability
| [60800] Apache Qpid Python Client SSL Certificate Verification Information Disclosure Vulnerability
| [60599] Apache Santuario XML Security for C++ CVE-2013-2156 Remote Heap Buffer Overflow Vulnerability
| [60595] Apache Santuario XML Security for C++ XML Signature CVE-2013-2155 Denial of Service Vulnerability
| [60594] Apache Santuario XML Security for C++ CVE-2013-2154 Stack Buffer Overflow Vulnerability
| [60592] Apache Santuario XML Security for C++ XML Signature CVE-2013-2153 Security Bypass Vulnerability
| [60534] Apache OpenJPA Object Deserialization Arbitrary File Creation or Overwrite Vulnerability
| [60346] Apache Struts CVE-2013-2134 OGNL Expression Injection Vulnerability
| [60345] Apache Struts CVE-2013-2135 OGNL Expression Injection Vulnerability
| [60267] Apache Subversion CVE-2013-1968 Remote Denial of Service Vulnerability
| [60265] Apache Subversion CVE-2013-2088 Command Injection Vulnerability
| [60264] Apache Subversion CVE-2013-2112 Remote Denial of Service Vulnerability
| [60187] Apache Tomcat DIGEST Authentication CVE-2013-2051 Incomplete Fix Security Weakness
| [60186] Apache Tomcat CVE-2013-1976 Insecure Temporary File Handling Vulnerability
| [60167] Apache Struts 'includeParams' CVE-2013-2115 Incomplete Fix Security Bypass Vulnerability
| [60166] Apache Struts 'includeParams' CVE-2013-1966 Security Bypass Vulnerability
| [60082] Apache Struts 'ParameterInterceptor' Class OGNL CVE-2013-1965 Security Bypass Vulnerability
| [59826] Apache HTTP Server Terminal Escape Sequence in Logs Command Injection Vulnerability
| [59799] Apache Tomcat CVE-2013-2067 Session Fixation Vulnerability
| [59798] Apache Tomcat CVE-2013-2071 Information Disclosure Vulnerability
| [59797] Apache Tomcat CVE-2012-3544 Denial of Service Vulnerability
| [59670] Apache VCL Multiple Input Validation Vulnerabilities
| [59464] Apache CloudStack CVE-2013-2758 Hash Information Disclosure Vulnerability
| [59463] Apache CloudStack CVE-2013-2756 Authentication Bypass Vulnerability
| [59402] Apache ActiveMQ CVE-2013-3060 Information Disclosure and Denial of Service Vulnerability
| [59401] Apache ActiveMQ CVE-2012-6551 Denial of Service Vulnerability
| [59400] Apache ActiveMQ CVE-2012-6092 Multiple Cross Site Scripting Vulnerabilities
| [58898] Apache Subversion CVE-2013-1884 Remote Denial of Service Vulnerability
| [58897] Apache Subversion 'mod_dav_svn/lock.c' Remote Denial of Service Vulnerability
| [58895] Apache Subversion 'mod_dav_svn' Remote Denial of Service Vulnerability
| [58455] Apache Rave User RPC API CVE-2013-1814 Information Disclosure Vulnerability
| [58379] Apache Qpid CVE-2012-4446 Authentication Bypass Vulnerability
| [58378] Apache Qpid CVE-2012-4460 Denial of Service Vulnerability
| [58376] Apache Qpid CVE-2012-4458 Denial of Service Vulnerability
| [58337] Apache Qpid CVE-2012-4459 Denial of Service Vulnerability
| [58326] Apache Commons FileUpload CVE-2013-0248 Insecure Temporary File Creation Vulnerability
| [58325] Debian Apache HTTP Server CVE-2013-1048 Symlink Attack Local Privilege Escalation Vulnerability
| [58323] Apache Subversion 'svn_fs_file_length()' Remote Denial of Service Vulnerability
| [58165] Apache HTTP Server Multiple Cross Site Scripting Vulnerabilities
| [58136] Apache Maven CVE-2013-0253 SSL Certificate Validation Security Bypass Vulnerability
| [58124] Apache Tomcat 'log/logdir' Directory Insecure File Permissions Vulnerability
| [58073] Apache Commons HttpClient CVE-2012-5783 SSL Certificate Validation Security Bypass Vulnerability
| [57876] Apache CXF WS-SecurityPolicy Authentication Bypass Vulnerability
| [57874] Apache CXF CVE-2012-5633 Security Bypass Vulnerability
| [57463] Apache OFBiz CVE-2013-0177 Multiple Cross Site Scripting Vulnerabilities
| [57425] Apache CXF CVE-2012-5786 SSL Certificate Validation Security Bypass Vulnerability
| [57321] Apache CouchDB CVE-2012-5650 Cross Site Scripting Vulnerability
| [57314] Apache CouchDB CVE-2012-5649 Remote Code Execution Vulnerability
| [57267] Apache Axis2/C SSL Certificate Validation Security Bypass Vulnerability
| [57259] Apache CloudStack CVE-2012-5616 Local Information Disclosure Vulnerability
| [56814] Apache Tomcat CVE-2012-4431 Cross-Site Request Forgery Vulnerability
| [56813] Apache Tomcat CVE-2012-4534 Denial of Service Vulnerability
| [56812] Apache Tomcat CVE-2012-3546 Security Bypass Vulnerability
| [56753] Apache Apache HTTP Server 'mod_proxy_ajp Module Denial Of Service Vulnerability
| [56686] Apache Tomcat CVE-2012-5568 Denial of Service Vulnerability
| [56408] Apache Axis and Axis2/Java SSL Certificate Validation Security Bypass Vulnerability
| [56403] Apache Tomcat DIGEST Authentication Multiple Security Weaknesses
| [56402] Apache Tomcat CVE-2012-2733 Denial of Service Vulnerability
| [56171] Apache OFBiz CVE-2012-3506 Unspecified Security Vulnerability
| [55876] Apache CloudStack CVE-2012-4501 Security Bypass Vulnerability
| [55628] Apache CXF SOAP Action Spoofing Security Bypass Vulnerability
| [55608] Apache Qpid (qpidd) Denial of Service Vulnerability
| [55536] Apache 'mod_pagespeed' Module Cross Site Scripting and Security Bypass Vulnerabilities
| [55508] Apache Axis2 XML Signature Wrapping Security Vulnerability
| [55445] Apache Wicket CVE-2012-3373 Cross Site Scripting Vulnerability
| [55346] Apache Struts Cross Site Request Forgery and Denial of Service Vulnerabilities
| [55290] Drupal Apache Solr Autocomplete Module Cross Site Scripting Vulnerability
| [55165] Apache Struts2 Skill Name Remote Code Execution Vulnerability
| [55154] Apache 'mod-rpaf' Module Denial of Service Vulnerability
| [55131] Apache HTTP Server HTML-Injection And Information Disclosure Vulnerabilities
| [54954] Apache QPID NullAuthenticator Authentication Bypass Vulnerability
| [54798] Apache Libcloud Man In The Middle Vulnerability
| [54358] Apache Hadoop CVE-2012-3376 Information Disclosure Vulnerability
| [54341] Apache Sling CVE-2012-2138 Denial Of Service Vulnerability
| [54268] Apache Hadoop Symlink Attack Local Privilege Escalation Vulnerability
| [54189] Apache Roller Cross Site Request Forgery Vulnerability
| [54187] Apache Roller CVE-2012-2381 Cross Site Scripting Vulnerability
| [53880] Apache CXF Child Policies Security Bypass Vulnerability
| [53877] Apache CXF Elements Validation Security Bypass Vulnerability
| [53676] Apache Commons Compress and Apache Ant CVE-2012-2098 Denial Of Service Vulnerability
| [53487] Apache POI CVE-2012-0213 Denial Of Service Vulnerability
| [53455] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability
| [53305] Apache Qpid CVE-2011-3620 Unauthorized Access Security Bypass Vulnerability
| [53046] Apache HTTP Server 'LD_LIBRARY_PATH' Insecure Library Loading Arbitrary Code Execution Vulnerability
| [53025] Apache OFBiz Unspecified Remote Code Execution Vulnerability
| [53023] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
| [52939] Apache Hadoop CVE-2012-1574 Unspecified User Impersonation Vulnerability
| [52702] Apache Struts2 'XSLTResult.java' Remote Arbitrary File Upload Vulnerability
| [52696] Apache Traffic Server HTTP Host Header Handling Heap Based Buffer Overflow Vulnerability
| [52680] Apache Wicket 'pageMapName' Parameter Cross Site Scripting Vulnerability
| [52679] Apache Wicket Hidden Files Information Disclosure Vulnerability
| [52565] Apache 'mod_fcgid' Module Denial Of Service Vulnerability
| [52146] TYPO3 Apache Solr Extension Unspecified Cross Site Scripting Vulnerability
| [51939] Apache MyFaces 'ln' Parameter Information Disclosure Vulnerability
| [51917] Apache APR Hash Collision Denial Of Service Vulnerability
| [51902] Apache Struts Multiple HTML Injection Vulnerabilities
| [51900] Apache Struts CVE-2012-1007 Multiple Cross Site Scripting Vulnerabilities
| [51886] Apache CXF UsernameToken Policy Validation Security Bypass Vulnerability
| [51869] Apache HTTP Server CVE-2011-3639 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
| [51706] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
| [51705] Apache HTTP Server CVE-2012-0021 mod_log_config Denial Of Service Vulnerability
| [51628] Apache Struts 'ParameterInterceptor' Class OGNL (CVE-2011-3923) Security Bypass Vulnerability
| [51447] Apache Tomcat Parameter Handling Denial of Service Vulnerability
| [51442] Apache Tomcat Request Object Security Bypass Vulnerability
| [51407] Apache HTTP Server Scoreboard Local Security Bypass Vulnerability
| [51257] Apache Struts Remote Command Execution and Arbitrary File Overwrite Vulnerabilities
| [51238] Apache Geronimo Hash Collision Denial Of Service Vulnerability
| [51200] Apache Tomcat Hash Collision Denial Of Service Vulnerability
| [50940] Apache Struts Session Tampering Security Bypass Vulnerability
| [50912] RETIRED: Apache MyFaces CVE-2011-4343 Information Disclosure Vulnerability
| [50904] Apache ActiveMQ Failover Mechanism Remote Denial Of Service Vulnerability
| [50848] Apache MyFaces EL Expression Evaluation Security Bypass Vulnerability
| [50802] Apache HTTP Server 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
| [50639] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
| [50603] Apache Tomcat Manager Application Security Bypass Vulnerability
| [50494] Apache HTTP Server 'ap_pregsub()' Function Local Privilege Escalation Vulnerability
| [49957] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
| [49762] Apache Tomcat HTTP DIGEST Authentication Multiple Security Weaknesses
| [49728] Apache Struts Conversion Error OGNL Expression Evaluation Vulnerability
| [49616] Apache HTTP Server CVE-2011-3348 Denial Of Service Vulnerability
| [49470] Apache Tomcat CVE-2007-6286 Duplicate Request Processing Security Vulnerability
| [49353] Apache Tomcat AJP Protocol Security Bypass Vulnerability
| [49303] Apache HTTP Server CVE-2011-3192 Denial Of Service Vulnerability
| [49290] Apache Wicket Cross Site Scripting Vulnerability
| [49147] Apache Tomcat CVE-2011-2481 Information Disclosure Vulnerability
| [49143] Apache Commons Daemon 'jsvc' Information Disclosure Vulnerability
| [48667] Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability
| [48653] Apache 'mod_authnz_external' Module SQL Injection Vulnerability
| [48611] Apache XML Security for C++ Signature Key Parsing Denial of Service Vulnerability
| [48456] Apache Tomcat 'MemoryUserDatabase' Information Disclosure Vulnerability
| [48015] Apache Archiva Multiple Cross Site Request Forgery Vulnerabilities
| [48011] Apache Archiva Multiple Cross Site Scripting and HTML Injection Vulnerabilities
| [47929] Apache APR 'apr_fnmatch.c' Denial of Service Vulnerability
| [47890] Apache Struts 'javatemplates' Plugin Multiple Cross Site Scripting Vulnerabilities
| [47886] Apache Tomcat SecurityConstraints Security Bypass Vulnerability
| [47820] Apache APR 'apr_fnmatch()' Denial of Service Vulnerability
| [47784] Apache Struts XWork 's:submit' HTML Tag Cross Site Scripting Vulnerability
| [47199] Apache Tomcat HTTP BIO Connector Information Disclosure Vulnerability
| [47196] Apache Tomcat Login Constraints Security Bypass Vulnerability
| [46974] Apache HttpComponents 'HttpClient' Information Disclosure Vulnerability
| [46953] Apache MPM-ITK Module Security Weakness
| [46734] Subversion 'mod_dav_svn' Apache Server NULL Pointer Dereference Denial Of Service Vulnerability
| [46685] Apache Tomcat '@ServletSecurity' Annotations Security Bypass Vulnerability
| [46311] Apache Continuum and Archiva Cross Site Scripting Vulnerability
| [46177] Apache Tomcat SecurityManager Security Bypass Vulnerability
| [46174] Apache Tomcat HTML Manager Interface HTML Injection Vulnerability
| [46166] Apache Tomcat JVM Denial of Service Vulnerability
| [46164] Apache Tomcat NIO Connector Denial of Service Vulnerability
| [46066] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
| [45655] Apache Subversion Server Component Multiple Remote Denial Of Service Vulnerabilities
| [45123] Awstats Apache Tomcat Configuration File Remote Arbitrary Command Execution Vulnerability
| [45095] Apache Archiva Cross Site Request Forgery Vulnerability
| [45015] Apache Tomcat 'sort' and 'orderBy' Parameters Cross Site Scripting Vulnerabilities
| [44900] Apache 'mod_fcgid' Module Unspecified Stack Buffer Overflow Vulnerability
| [44616] Apache Shiro Directory Traversal Vulnerability
| [44355] Apache MyFaces Encrypted View State Oracle Padding Security Vulnerability
| [44068] Apache::AuthenHook Local Information Disclosure Vulnerability
| [43862] Apache QPID SSL Connection Denial of Service Vulnerability
| [43673] Apache APR-util 'apr_brigade_split_line()' Denial of Service Vulnerability
| [43637] Apache XML-RPC SAX Parser Information Disclosure Vulnerability
| [43111] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
| [42637] Apache Derby 'BUILTIN' Authentication Insecure Password Hashing Vulnerability
| [42501] Apache CouchDB Cross Site Request Forgery Vulnerability
| [42492] Apache CXF XML DTD Processing Security Vulnerability
| [42121] Apache SLMS Insufficient Quoting Cross Site Request Forgery Vulnerability
| [42102] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
| [41963] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
| [41544] Apache Tomcat 'Transfer-Encoding' Information Disclosure and Denial Of Service Vulnerabilities
| [41076] Apache Axis2 '/axis2/axis2-admin' Session Fixation Vulnerability
| [40976] Apache Axis2 Document Type Declaration Processing Security Vulnerability
| [40827] Apache 'mod_proxy_http' Timeout Handling Information Disclosure Vulnerability
| [40343] Apache Axis2 'xsd' Parameter Directory Traversal Vulnerability
| [40327] Apache Axis2 'engagingglobally' Cross-Site Scripting Vulnerability
| [39771] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
| [39636] Apache ActiveMQ Source Code Information Disclosure Vulnerability
| [39635] Apache Tomcat Authentication Header Realm Name Information Disclosure Vulnerability
| [39538] Apache mod_auth_shadow Race Condition Security Bypass Vulnerability
| [39489] Apache OFBiz Multiple Cross Site Scripting and HTML Injection Vulnerabilities
| [39119] Apache ActiveMQ 'createDestination.action' HTML Injection Vulnerability
| [38580] Apache Subrequest Handling Information Disclosure Vulnerability
| [38494] Apache 'mod_isapi' Memory Corruption Vulnerability
| [38491] Apache mod_proxy_ajp Module Incoming Request Body Denial Of Service Vulnerability
| [37966] Apache 1.3 mod_proxy HTTP Chunked Encoding Integer Overflow Vulnerability
| [37945] Apache Tomcat Host Working Directory WAR File Directory Traversal Vulnerability
| [37944] Apache Tomcat WAR File Directory Traversal Vulnerability
| [37942] Apache Tomcat Directory Host Appbase Authentication Bypass Vulnerability
| [37149] Apache Tomcat 404 Error Page Cross Site Scripting Vulnerability
| [37027] RETIRED: Apache APR 'apr_uri_parse_hostinfo' Off By One Remote Code Execution Vulnerability
| [36990] Apache HTTP TRACE Cross Site Scripting Vulnerability
| [36954] Apache Tomcat Windows Installer Insecure Password Vulnerability
| [36889] TYPO3 Apache Solr Search Extension Unspecified Cross Site Scripting Vulnerability
| [36596] Apache HTTP Server Solaris Event Port Pollset Support Remote Denial Of Service Vulnerability
| [36260] Apache mod_proxy_ftp Module NULL Pointer Dereference Denial Of Service Vulnerability
| [36254] Apache mod_proxy_ftp Remote Command Injection Vulnerability
| [35949] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
| [35840] Apache HTTP Server HTTP-Basic Authentication Bypass Vulnerability
| [35623] Apache 'mod_deflate' Remote Denial Of Service Vulnerability
| [35565] Apache 'mod_proxy' Remote Denial Of Service Vulnerability
| [35416] Apache Tomcat XML Parser Information Disclosure Vulnerability
| [35263] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
| [35253] Apache APR-util 'xml/apr_xml.c' Denial of Service Vulnerability
| [35251] Apache APR-util 'apr_brigade_vprintf' Off By One Vulnerability
| [35221] Apache APR-util 'apr_strmatch_precompile()' Integer Underflow Vulnerability
| [35196] Apache Tomcat Form Authentication Existing/Non-Existing Username Enumeration Weakness
| [35193] Apache Tomcat Java AJP Connector Invalid Header Denial of Service Vulnerability
| [35115] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
| [34686] Apache Struts Multiple Cross Site Scripting Vulnerabilities
| [34663] Apache 'mod_proxy_ajp' Information Disclosure Vulnerability
| [34657] Apache Tiles Cross Site Scripting And Information Disclosure Vulnerabilities
| [34562] Apache Geronimo Application Server Multiple Remote Vulnerabilities
| [34552] Apache ActiveMQ Web Console Multiple Unspecified HTML Injection Vulnerabilities
| [34412] Apache Tomcat mod_jk Content Length Information Disclosure Vulnerability
| [34399] Apache Struts Unspecified Cross Site Scripting Vulnerability
| [34383] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
| [33913] Apache Tomcat POST Data Information Disclosure Vulnerability
| [33360] Apache Jackrabbit 'q' Parameter Multiple Cross Site Scripting Vulnerabilities
| [33110] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
| [32657] Novell NetWare ApacheAdmin Security Bypass Vulnerability
| [31805] Apache HTTP Server OS Fingerprinting Unspecified Security Vulnerability
| [31761] Oracle WebLogic Server Apache Connector Stack Based Buffer Overflow Vulnerability
| [31698] Apache Tomcat 'RemoteFilterValve' Security Bypass Vulnerability
| [31165] Kolab Groupware Server Apache Log File User Password Information Disclosure Vulnerability
| [30560] Apache 'mod_proxy_ftp' Wildcard Characters Cross-Site Scripting Vulnerability
| [30496] Apache Tomcat 'HttpServletResponse.sendError()' Cross Site Scripting Vulnerability
| [30494] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
| [29653] Apache 'mod_proxy_http' Interim Response Denial of Service Vulnerability
| [29502] Apache Tomcat Host Manager Cross Site Scripting Vulnerability
| [28576] Apache-SSL Environment Variable Information Disclosure and Privilege Escalation Vulnerability
| [28484] Apache Tomcat Requests Containing MS-DOS Device Names Information Disclosure Vulnerability
| [28483] Apache Tomcat 'allowLinking' Accepts NULL Byte in URI Information Disclosure Vulnerability
| [28482] Apache Tomcat SSL Anonymous Cipher Configuration Information Disclosure Vulnerability
| [28481] Apache Tomcat Cross-Site Scripting Vulnerability
| [28477] Apache Tomcat AJP Connector Information Disclosure Vulnerability
| [27752] Apache mod_jk2 Host Header Multiple Stack Based Buffer Overflow Vulnerabilities
| [27706] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
| [27703] Apache Tomcat Parameter Processing Remote Information Disclosure Vulnerability
| [27409] Apache 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
| [27365] Apache Tomcat SingleSignOn Remote Information Disclosure Vulnerability
| [27237] Apache HTTP Server 2.2.6, 2.0.61 and 1.3.39 'mod_status' Cross-Site Scripting Vulnerability
| [27236] Apache 'mod_proxy_balancer' Multiple Vulnerabilities
| [27234] Apache 'mod_proxy_ftp' Undefined Charset UTF-7 Cross-Site Scripting Vulnerability
| [27006] Apache Tomcat JULI Logging Component Default Security Policy Vulnerability
| [26939] Apache HTTP Server Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
| [26838] Apache mod_imagemap and mod_imap Cross-Site Scripting Vulnerability
| [26762] Apache::AuthCAS Cookie SQL Injection Vulnerability
| [26663] Apache HTTP Server 413 Error HTTP Request Method Cross-Site Scripting Weakness
| [26287] Apache Geronimo SQLLoginModule Authentication Bypass Vulnerability
| [26070] Apache Tomcat WebDav Remote Information Disclosure Vulnerability
| [25804] Apache Geronimo Management EJB Security Bypass Vulnerability
| [25653] Apache Mod_AutoIndex.C Undefined Charset Cross-Site Scripting Vulnerability
| [25531] Apache Tomcat Cal2.JSP Cross-Site Scripting Vulnerability
| [25489] Apache HTTP Server Mod_Proxy Denial of Service Vulnerability
| [25316] Apache Tomcat Multiple Remote Information Disclosure Vulnerabilities
| [25314] Apache Tomcat Host Manager Servlet Cross Site Scripting Vulnerability
| [25174] Apache Tomcat Error Message Reporting Cross Site Scripting Vulnerability
| [24999] Apache Tomcat SendMailServlet Cross-Site Scripting Vulnerability
| [24759] MySQLDumper Apache Access Control Authentication Bypass Vulnerability
| [24649] Apache HTTP Server Mod_Cache Denial of Service Vulnerability
| [24645] Apache HTTP Server Mod_Status Cross-Site Scripting Vulnerability
| [24553] Apache Mod_Mem_Cache Information Disclosure Vulnerability
| [24524] Apache Tomcat Accept-Language Cross Site Scripting Vulnerability
| [24480] Apache MyFaces Tomahawk JSF Framework Autoscroll Parameter Cross Site Scripting Vulnerability
| [24476] Apache Tomcat JSP Example Web Applications Cross Site Scripting Vulnerability
| [24475] Apache Tomcat Manager and Host Manager Upload Script Cross-Site Scripting Vulnerability
| [24215] Apache HTTP Server Worker Process Multiple Denial of Service Vulnerabilities
| [24147] Apache Tomcat JK Connector Double Encoding Security Bypass Vulnerability
| [24058] Apache Tomcat Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
| [23687] Apache AXIS Non-Existent WSDL Path Information Disclosure Vulnerability
| [23438] Apache HTTPD suEXEC Local Multiple Privilege Escalation Weaknesses
| [22960] Apache HTTP Server Tomcat Directory Traversal Vulnerability
| [22849] Apache mod_python Output Filter Mode Information Disclosure Vulnerability
| [22791] Apache Tomcat Mod_JK.SO Arbitrary Code Execution Vulnerability
| [22732] Debian Apache Root Shell Local Privilege Escalation Vulnerabilities
| [22388] Apache Stats Extract Function Multiple Input Validation Vulnerabilities
| [21865] Apache And Microsoft IIS Range Denial of Service Vulnerability
| [21214] Apache Mod_Auth_Kerb Off-By-One Denial of Service Vulnerability
| [20527] Apache Mod_TCL Remote Format String Vulnerability
| [19661] Apache HTTP Server Arbitrary HTTP Request Headers Security Weakness
| [19447] Apache CGI Script Source Code Information Disclosure Vulnerability
| [19204] Apache Mod_Rewrite Off-By-One Buffer Overflow Vulnerability
| [19106] Apache Tomcat Information Disclosure Vulnerability
| [18138] Apache James SMTP Denial Of Service Vulnerability
| [17342] Apache Struts Multiple Remote Vulnerabilities
| [17095] Apache Log4Net Denial Of Service Vulnerability
| [16916] Apache mod_python FileSession Code Execution Vulnerability
| [16710] Apache Libapreq2 Quadratic Behavior Denial of Service Vulnerability
| [16260] Apache Geronimo Multiple Input Validation Vulnerabilities
| [16153] Apache mod_auth_pgsql Multiple Format String Vulnerabilities
| [16152] Apache Mod_SSL Custom Error Document Remote Denial Of Service Vulnerability
| [15834] Apache 'mod_imap' Referer Cross-Site Scripting Vulnerability
| [15765] Apache James Spooler Memory Leak Denial Of Service Vulnerability
| [15762] Apache MPM Worker.C Denial Of Service Vulnerability
| [15512] Apache Struts Error Response Cross-Site Scripting Vulnerability
| [15413] PHP Apache 2 Virtual() Safe_Mode and Open_Basedir Restriction Bypass Vulnerability
| [15325] Apache Tomcat Simultaneous Directory Listing Denial Of Service Vulnerability
| [15224] Apache Mod_Auth_Shadow Authentication Bypass Vulnerability
| [15177] PHP Apache 2 Local Denial of Service Vulnerability
| [14982] ApacheTop Insecure Temporary File Creation Vulnerability
| [14721] Apache Mod_SSL SSLVerifyClient Restriction Bypass Vulnerability
| [14660] Apache CGI Byterange Request Denial of Service Vulnerability
| [14366] Apache mod_ssl CRL Handling Off-By-One Buffer Overflow Vulnerability
| [14106] Apache HTTP Request Smuggling Vulnerability
| [13778] Apache HTPasswd Password Command Line Argument Buffer Overflow Vulnerability
| [13777] Apache HTPasswd User Command Line Argument Buffer Overflow Vulnerability
| [13756] Apache Tomcat Java Security Manager Bypass Vulnerability
| [13537] Apache HTDigest Realm Command Line Argument Buffer Overflow Vulnerability
| [12877] Apache mod_ssl ssl_io_filter_cleanup Remote Denial Of Service Vulnerability
| [12795] Apache Tomcat Remote Malformed Request Denial Of Service Vulnerability
| [12619] Apache Software Foundation Batik Squiggle Browser Access Validation Vulnerability
| [12519] Apache mod_python Module Publisher Handler Information Disclosure Vulnerability
| [12308] Apache Utilities Insecure Temporary File Creation Vulnerability
| [12217] Apache mod_auth_radius Malformed RADIUS Server Reply Integer Overflow Vulnerability
| [12181] Mod_DOSEvasive Apache Module Local Insecure Temporary File Creation Vulnerability
| [11803] Apache Jakarta Results.JSP Remote Cross-Site Scripting Vulnerability
| [11471] Apache mod_include Local Buffer Overflow Vulnerability
| [11360] Apache mod_ssl SSLCipherSuite Restriction Bypass Vulnerability
| [11239] Apache Satisfy Directive Access Control Bypass Vulnerability
| [11187] Apache Web Server Remote IPv6 Buffer Overflow Vulnerability
| [11185] Apache Mod_DAV LOCK Denial Of Service Vulnerability
| [11182] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
| [11154] Apache mod_ssl Remote Denial of Service Vulnerability
| [11094] Apache mod_ssl Denial Of Service Vulnerability
| [10789] Apache mod_userdir Module Information Disclosure Vulnerability
| [10736] Apache 'mod_ssl' Log Function Format String Vulnerability
| [10619] Apache ap_escape_html Memory Allocation Denial Of Service Vulnerability
| [10508] Apache Mod_Proxy Remote Negative Content-Length Buffer Overflow Vulnerability
| [10478] ClueCentral Apache Suexec Patch Security Weakness
| [10355] Apache 'mod_ssl' 'ssl_util_uuencode_binary()' Stack Buffer Overflow Vulnerability
| [10212] Apache mod_auth Malformed Password Potential Memory Corruption Vulnerability
| [9933] Apache mod_disk_cache Module Client Authentication Credential Storage Weakness
| [9930] Apache Error and Access Logs Escape Sequence Injection Vulnerability
| [9921] Apache Connection Blocking Denial Of Service Vulnerability
| [9885] Apache Mod_Security Module SecFilterScanPost Off-By-One Buffer Overflow Vulnerability
| [9874] Apache HTAccess LIMIT Directive Bypass Configuration Error Weakness
| [9829] Apache Mod_Access Access Control Rule Bypass Vulnerability
| [9826] Apache Mod_SSL HTTP Request Remote Denial Of Service Vulnerability
| [9733] Apache Cygwin Directory Traversal Vulnerability
| [9599] Apache mod_php Global Variables Information Disclosure Weakness
| [9590] Apache-SSL Client Certificate Forging Vulnerability
| [9571] Apache mod_digest Client-Supplied Nonce Verification Vulnerability
| [9471] Apache mod_perl Module File Descriptor Leakage Vulnerability
| [9404] Mod-Auth-Shadow Apache Module Expired User Credential Weakness
| [9302] Apache mod_php Module File Descriptor Leakage Vulnerability
| [9129] Apache mod_python Module Malformed Query Denial of Service Vulnerability
| [8926] Apache Web Server mod_cgid Module CGI Data Redirection Vulnerability
| [8919] Apache Mod_Security Module Heap Corruption Vulnerability
| [8911] Apache Web Server Multiple Module Local Buffer Overflow Vulnerability
| [8898] Red Hat Apache Directory Index Default Configuration Error
| [8883] Apache Cocoon Directory Traversal Vulnerability
| [8824] Apache Tomcat Non-HTTP Request Denial Of Service Vulnerability
| [8822] Apache Mod_Throttle Module Local Shared Memory Corruption Vulnerability
| [8725] Apache2 MOD_CGI STDERR Denial Of Service Vulnerability
| [8707] Apache htpasswd Password Entropy Weakness
| [8561] Apache::Gallery Insecure Local File Storage Privilege Escalation Vulnerability
| [8287] Mod_Mylo Apache Module REQSTR Buffer Overflow Vulnerability
| [8226] Apache HTTP Server Multiple Vulnerabilities
| [8138] Apache Web Server Type-Map Recursive Loop Denial Of Service Vulnerability
4195| [8137] Apache Web Server Prefork MPM Denial Of Service Vulnerability
4196| [8136] Macromedia Apache Web Server Encoded Space Source Disclosure Vulnerability
4197| [8135] Apache Web Server FTP Proxy IPV6 Denial Of Service Vulnerability
4198| [8134] Apache Web Server SSLCipherSuite Weak CipherSuite Renegotiation Weakness
| [7768] Apache Tomcat Insecure Directory Permissions Vulnerability
| [7725] Apache Basic Authentication Module Valid User Login Denial Of Service Vulnerability
| [7723] Apache APR_PSPrintf Memory Corruption Vulnerability
| [7448] Apache Mod_Auth_Any Remote Command Execution Vulnerability
| [7375] Apache Mod_Access_Referer NULL Pointer Dereference Denial of Service Vulnerability
| [7332] Apache Web Server OS2 Filestat Denial Of Service Vulnerability
| [7255] Apache Web Server File Descriptor Leakage Vulnerability
| [7254] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
| [6943] Apache Web Server MIME Boundary Information Disclosure Vulnerability
| [6939] Apache Web Server ETag Header Information Disclosure Weakness
| [6722] Apache Tomcat Web.XML File Contents Disclosure Vulnerability
| [6721] Apache Tomcat Null Byte Directory/File Disclosure Vulnerability
| [6720] Apache Tomcat Example Web Application Cross Site Scripting Vulnerability
| [6662] Apache Web Server MS-DOS Device Name Denial Of Service Vulnerability
| [6661] Apache Web Server Default Script Mapping Bypass Vulnerability
| [6660] Apache Web Server Illegal Character HTTP Request File Disclosure Vulnerability
| [6659] Apache Web Server MS-DOS Device Name Arbitrary Code Execution Vulnerability
| [6562] Apache Tomcat Invoker Servlet File Disclosure Vulnerability
| [6320] Apache/Tomcat Mod_JK Chunked Encoding Denial Of Service Vulnerability
| [6117] Apache mod_php File Descriptor Leakage Vulnerability
| [6065] Apache 2 WebDAV CGI POST Request Information Disclosure Vulnerability
| [5996] Apache AB.C Web Benchmarking Buffer Overflow Vulnerability
| [5995] Apache AB.C Web Benchmarking Read_Connection() Buffer Overflow Vulnerability
| [5993] Multiple Apache HTDigest Buffer Overflow Vulnerabilities
| [5992] Apache HTDigest Insecure Temporary File Vulnerability
| [5991] Apache HTDigest Arbitrary Command Execution Vulnerability
| [5990] Apache HTPasswd Insecure Temporary File Vulnerability
| [5981] Multiple Apache HTDigest and HTPassWD Component Vulnerabilites
| [5884] Apache Web Server Scoreboard Memory Segment Overwriting SIGUSR1 Sending Vulnerability
| [5847] Apache Server Side Include Cross Site Scripting Vulnerability
| [5838] Apache Tomcat 3.2 Directory Disclosure Vulnerability
| [5816] Apache 2 mod_dav Denial Of Service Vulnerability
| [5791] HP VirtualVault Apache mod_ssl Denial Of Service Vulnerability
| [5787] Apache Oversized STDERR Buffer Denial Of Service Vulnerability
| [5786] Apache Tomcat DefaultServlet File Disclosure Vulnerability
| [5542] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
| [5486] Apache 2.0 CGI Path Disclosure Vulnerability
| [5485] Apache 2.0 Path Disclosure Vulnerability
| [5434] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
| [5256] Apache httpd 2.0 CGI Error Path Disclosure Vulnerability
| [5194] Apache Tomcat DOS Device Name Cross Site Scripting Vulnerability
| [5193] Apache Tomcat Servlet Mapping Cross Site Scripting Vulnerability
| [5067] Apache Tomcat Null Character Malformed Request Denial Of Service Vulnerability
| [5054] Apache Tomcat Web Root Path Disclosure Vulnerability
| [5033] Apache Chunked-Encoding Memory Corruption Vulnerability
| [4995] Apache Tomcat JSP Engine Denial of Service Vulnerability
| [4878] Apache Tomcat RealPath.JSP Malformed Request Information Disclosure Vulnerability
| [4877] Apache Tomcat Example Files Web Root Path Disclosure Vulnerability
| [4876] Apache Tomcat Source.JSP Malformed Request Information Disclosure Vulnerability
| [4575] Apache Tomcat Servlet Path Disclosure Vulnerability
| [4557] Apache Tomcat System Path Information Disclosure Vulnerability
| [4437] Apache Error Message Cross-Site Scripting Vulnerability
| [4431] Apache PrintEnv/Test_CGI Script Injection Vulnerability
| [4358] Apache Double-Reverse Lookup Log Entry Spoofing Vulnerability
| [4335] Apache Win32 Batch File Remote Command Execution Vulnerability
| [4292] Oracle 9iAS Apache PL/SQL Module Web Administration Access Vulnerability
| [4189] Apache mod_ssl/Apache-SSL Buffer Overflow Vulnerability
| [4057] Apache 2 for Windows OPTIONS request Path Disclosure Vulnerability
| [4056] Apache 2 for Windows php.exe Path Disclosure Vulnerability
| [4037] Oracle 9iAS Apache PL/SQL Module Denial of Service Vulnerability
| [4032] Oracle 9iAS Apache PL/SQL Module Multiple Buffer Overflows Vulnerability
| [3796] Apache HTTP Request Unexpected Behavior Vulnerability
| [3790] Apache Non-Existent Log Directory Denial Of Service Vulnerability
| [3786] Apache Win32 PHP.EXE Remote File Disclosure Vulnerability
| [3727] Oracle 9I Application Server PL/SQL Apache Module Directory Traversal Vulnerability
| [3726] Oracle 9I Application Server PL/SQL Apache Module Buffer Overflow Vulnerability
| [3596] Apache Split-Logfile File Append Vulnerability
| [3521] Apache mod_usertrack Predictable ID Generation Vulnerability
| [3335] Red Hat Linux Apache Remote Username Enumeration Vulnerability
| [3316] MacOS X Client Apache Directory Contents Disclosure Vulnerability
| [3256] Apache mod_auth_oracle Remote SQL Query Manipulation Vulnerability
| [3255] Apache mod_auth_mysql Remote SQL Query Manipulation Vulnerability
| [3254] Apache AuthPG Remote SQL Query Manipulation Vulnerability
| [3253] Apache mod_auth_pgsql_sys Remote SQL Query Manipulation Vulnerability
| [3251] Apache mod_auth_pgsql Remote SQL Query Manipulation Vulnerability
| [3176] Apache Mod ReWrite Rules Bypassing Image Linking Vulnerability
| [3169] Apache Server Address Disclosure Vulnerability
| [3009] Apache Possible Directory Index Disclosure Vulnerability
| [2982] Apache Tomcat Cross-Site Scripting Vulnerability
| [2852] MacOS X Client Apache File Protection Bypass Vulnerability
| [2740] Apache Web Server HTTP Request Denial of Service Vulnerability
| [2518] Apache Tomcat 3.0 Directory Traversal Vulnerability
| [2503] Apache Artificially Long Slash Path Directory Listing Vulnerability
| [2300] NCSA/Apache httpd ScriptAlias Source Retrieval Vulnerability
| [2216] Apache Web Server DoS Vulnerability
| [2182] Apache /tmp File Race Vulnerability
| [2171] Oracle Apache+WebDB Documented Backdoor Vulnerability
| [2060] Apache Web Server with Php 3 File Disclosure Vulnerability
| [1821] Apache mod_cookies Buffer Overflow Vulnerability
| [1728] Apache Rewrite Module Arbitrary File Disclosure Vulnerability
| [1658] SuSE Apache CGI Source Code Viewing Vulnerability
| [1656] SuSE Apache WebDAV Directory Listings Vulnerability
| [1575] Trustix Apache-SSL RPM Permissions Vulnerability
| [1548] Apache Jakarta-Tomcat /admin Context Vulnerability
| [1532] Apache Tomcat Snoop Servlet Information Disclosure Vulnerability
| [1531] Apache Tomcat 3.1 Path Revealing Vulnerability
| [1457] Apache::ASP source.asp Example Script Vulnerability
| [1284] Apache HTTP Server (win32) Root Directory Access Vulnerability
| [1083] Cobalt Raq Apache .htaccess Disclosure Vulnerability
|
| IBM X-Force - https://exchange.xforce.ibmcloud.com:
| [86258] Apache CloudStack text fields cross-site scripting
| [85983] Apache Subversion mod_dav_svn module denial of service
| [85875] Apache OFBiz UEL code execution
| [85874] Apache OFBiz Webtools View Log screen cross-site scripting
| [85871] Apache HTTP Server mod_session_dbd unspecified
| [85756] Apache Struts OGNL expression command execution
| [85755] Apache Struts DefaultActionMapper class open redirect
| [85586] Apache ActiveMQ CVE-2013-1879 cross-site scripting
| [85574] Apache HTTP Server mod_dav denial of service
| [85573] Apache Struts Showcase App OGNL code execution
| [85496] Apache CXF denial of service
| [85423] Apache Geronimo RMI classloader code execution
| [85326] Apache Santuario XML Security for C++ buffer overflow
| [85323] Apache Santuario XML Security for Java spoofing
| [85319] Apache Qpid Python client SSL spoofing
| [85019] Apache Santuario XML Security for C++ CVE-2013-2156 buffer overflow
| [85018] Apache Santuario XML Security for C++ CVE-2013-2155 denial of service
| [85017] Apache Santuario XML Security for C++ CVE-2013-2154 buffer overflow
| [85016] Apache Santuario XML Security for C++ CVE-2013-2153 spoofing
| [84952] Apache Tomcat CVE-2012-3544 denial of service
| [84763] Apache Struts CVE-2013-2135 security bypass
| [84762] Apache Struts CVE-2013-2134 security bypass
| [84719] Apache Subversion CVE-2013-2088 command execution
| [84718] Apache Subversion CVE-2013-2112 denial of service
| [84717] Apache Subversion CVE-2013-1968 denial of service
| [84577] Apache Tomcat security bypass
| [84576] Apache Tomcat symlink
| [84543] Apache Struts CVE-2013-2115 security bypass
| [84542] Apache Struts CVE-2013-1966 security bypass
| [84154] Apache Tomcat session hijacking
| [84144] Apache Tomcat denial of service
| [84143] Apache Tomcat information disclosure
| [84111] Apache HTTP Server command execution
| [84043] Apache Virtual Computing Lab cross-site scripting
| [84042] Apache Virtual Computing Lab cross-site scripting
| [83782] Apache CloudStack information disclosure
| [83781] Apache CloudStack security bypass
| [83720] Apache ActiveMQ cross-site scripting
| [83719] Apache ActiveMQ denial of service
| [83718] Apache ActiveMQ denial of service
| [83263] Apache Subversion denial of service
| [83262] Apache Subversion denial of service
| [83261] Apache Subversion denial of service
| [83259] Apache Subversion denial of service
| [83035] Apache mod_ruid2 security bypass
| [82852] Apache Qpid federation_tag security bypass
| [82851] Apache Qpid qpid::framing::Buffer denial of service
| [82758] Apache Rave User RPC API information disclosure
| [82663] Apache Subversion svn_fs_file_length() denial of service
| [82642] Apache Qpid qpid::framing::Buffer::checkAvailable() denial of service
| [82641] Apache Qpid AMQP denial of service
| [82626] Apache HTTP Server on Debian GNU/Linux Debian apache2ctl symlink
| [82618] Apache Commons FileUpload symlink
| [82360] Apache HTTP Server manager interface cross-site scripting
| [82359] Apache HTTP Server hostnames cross-site scripting
| [82338] Apache Tomcat log/logdir information disclosure
| [82328] Apache Maven and Apache Maven Wagon SSL spoofing
| [82268] Apache OpenJPA deserialization command execution
| [81981] Apache CXF UsernameTokens security bypass
| [81980] Apache CXF WS-Security security bypass
| [81398] Apache OFBiz cross-site scripting
| [81240] Apache CouchDB directory traversal
| [81226] Apache CouchDB JSONP code execution
| [81225] Apache CouchDB Futon user interface cross-site scripting
| [81211] Apache Axis2/C SSL spoofing
| [81167] Apache CloudStack DeployVM information disclosure
| [81166] Apache CloudStack AddHost API information disclosure
| [81165] Apache CloudStack createSSHKeyPair API information disclosure
| [80518] Apache Tomcat cross-site request forgery security bypass
| [80517] Apache Tomcat FormAuthenticator security bypass
| [80516] Apache Tomcat NIO denial of service
| [80408] Apache Tomcat replay-countermeasure security bypass
| [80407] Apache Tomcat HTTP Digest Access Authentication security bypass
| [80317] Apache Tomcat slowloris denial of service
| [79984] Apache Commons HttpClient SSL spoofing
| [79983] Apache CXF SSL spoofing
| [79830] Apache Axis2/Java SSL spoofing
| [79829] Apache Axis SSL spoofing
| [79809] Apache Tomcat DIGEST security bypass
| [79806] Apache Tomcat parseHeaders() denial of service
| [79540] Apache OFBiz unspecified
| [79487] Apache Axis2 SAML security bypass
| [79212] Apache Cloudstack code execution
| [78734] Apache CXF SOAP Action security bypass
| [78730] Apache Qpid broker denial of service
| [78617] Eucalyptus Apache Santuario (XML Security for Java) denial of service
| [78563] Apache mod_pagespeed module unspecified cross-site scripting
| [78562] Apache mod_pagespeed module security bypass
| [78454] Apache Axis2 security bypass
| [78452] Websense Web Security and Web Filter Apache Tomcat information disclosure
| [78451] Websense Web Security and Web Filter Apache Tomcat cross-site scripting
| [78321] Apache Wicket unspecified cross-site scripting
| [78183] Apache Struts parameters denial of service
| [78182] Apache Struts cross-site request forgery
| [78153] Apache Solr Autocomplete module for Drupal autocomplete results cross-site scripting
| [77987] mod_rpaf module for Apache denial of service
| [77958] Apache Struts skill name code execution
| [77914] Apache HTTP Server mod_negotiation module cross-site scripting
| [77913] Apache HTTP Server mod_proxy_ajp information disclosure
| [77568] Apache Qpid broker security bypass
| [77421] Apache Libcloud spoofing
| [77059] Oracle Solaris Cluster Apache Tomcat Agent unspecified
| [77046] Oracle Solaris Apache HTTP Server information disclosure
| [76837] Apache Hadoop information disclosure
| [76802] Apache Sling CopyFrom denial of service
| [76692] Apache Hadoop symlink
| [76535] Apache Roller console cross-site request forgery
| [76534] Apache Roller weblog cross-site scripting
| [76152] Apache CXF elements security bypass
| [76151] Apache CXF child policies security bypass
| [75983] MapServer for Windows Apache file include
| [75857] Apache Commons Compress and Apache Ant bzip2 denial of service
| [75558] Apache POI denial of service
| [75545] PHP apache_request_headers() buffer overflow
| [75302] Apache Qpid SASL security bypass
| [75211] Debian GNU/Linux apache 2 cross-site scripting
| [74901] Apache HTTP Server LD_LIBRARY_PATH privilege escalation
| [74871] Apache OFBiz FlexibleStringExpander code execution
| [74870] Apache OFBiz multiple cross-site scripting
| [74750] Apache Hadoop unspecified spoofing
| [74319] Apache Struts XSLTResult.java file upload
| [74313] Apache Traffic Server header buffer overflow
| [74276] Apache Wicket directory traversal
| [74273] Apache Wicket unspecified cross-site scripting
| [74181] Apache HTTP Server mod_fcgid module denial of service
| [73690] Apache Struts OGNL code execution
| [73432] Apache Solr extension for TYPO3 unspecified cross-site scripting
| [73100] Apache MyFaces in directory traversal
| [73096] Apache APR hash denial of service
| [73052] Apache Struts name cross-site scripting
| [73030] Apache CXF UsernameToken security bypass
| [72888] Apache Struts lastName cross-site scripting
| [72758] Apache HTTP Server httpOnly information disclosure
| [72757] Apache HTTP Server MPM denial of service
| [72585] Apache Struts ParameterInterceptor security bypass
| [72438] Apache Tomcat Digest security bypass
| [72437] Apache Tomcat Digest security bypass
| [72436] Apache Tomcat DIGEST security bypass
| [72425] Apache Tomcat parameter denial of service
| [72422] Apache Tomcat request object information disclosure
| [72377] Apache HTTP Server scoreboard security bypass
| [72345] Apache HTTP Server HTTP request denial of service
| [72229] Apache Struts ExceptionDelegator command execution
| [72089] Apache Struts ParameterInterceptor directory traversal
| [72088] Apache Struts CookieInterceptor command execution
| [72047] Apache Geronimo hash denial of service
| [72016] Apache Tomcat hash denial of service
| [71711] Apache Struts OGNL expression code execution
| [71654] Apache Struts interfaces security bypass
| [71620] Apache ActiveMQ failover denial of service
| [71617] Apache HTTP Server mod_proxy module information disclosure
| [71508] Apache MyFaces EL security bypass
| [71445] Apache HTTP Server mod_proxy security bypass
| [71203] Apache Tomcat servlets privilege escalation
| [71181] Apache HTTP Server ap_pregsub() denial of service
| [71093] Apache HTTP Server ap_pregsub() buffer overflow
| [70336] Apache HTTP Server mod_proxy information disclosure
| [69804] Apache HTTP Server mod_proxy_ajp denial of service
| [69472] Apache Tomcat AJP security bypass
| [69396] Apache HTTP Server ByteRange filter denial of service
| [69394] Apache Wicket multi window support cross-site scripting
| [69176] Apache Tomcat XML information disclosure
| [69161] Apache Tomcat jsvc information disclosure
| [68799] mod_authnz_external module for Apache mysql-auth.pl SQL injection
| [68541] Apache Tomcat sendfile information disclosure
| [68420] Apache XML Security denial of service
| [68238] Apache Tomcat JMX information disclosure
| [67860] Apache Rampart/C rampart_timestamp_token_validate security bypass
| [67804] Apache Subversion control rules information disclosure
| [67803] Apache Subversion control rules denial of service
| [67802] Apache Subversion baselined denial of service
| [67672] Apache Archiva multiple cross-site scripting
| [67671] Apache Archiva multiple cross-site request forgery
| [67564] Apache APR apr_fnmatch() denial of service
| [67532] IBM WebSphere Application Server org.apache.jasper.runtime.JspWriterImpl.response denial of service
| [67515] Apache Tomcat annotations security bypass
| [67480] Apache Struts s:submit information disclosure
| [67414] Apache APR apr_fnmatch() denial of service
| [67356] Apache Struts javatemplates cross-site scripting
| [67354] Apache Struts Xwork cross-site scripting
| [66676] Apache Tomcat HTTP BIO information disclosure
| [66675] Apache Tomcat web.xml security bypass
| [66640] Apache HttpComponents HttpClient Proxy-Authorization information disclosure
| [66241] Apache HttpComponents information disclosure
| [66154] Apache Tomcat ServletSecurity security bypass
| [65971] Apache Tomcat ServletSecurity security bypass
| [65876] Apache Subversion mod_dav_svn denial of service
| [65343] Apache Continuum unspecified cross-site scripting
| [65162] Apache Tomcat NIO connector denial of service
| [65161] Apache Tomcat javax.servlet.ServletRequest.getLocale() denial of service
| [65160] Apache Tomcat HTML Manager interface cross-site scripting
| [65159] Apache Tomcat ServletContect security bypass
| [65050] Apache CouchDB web-based administration UI cross-site scripting
| [64773] Oracle HTTP Server Apache Plugin unauthorized access
| [64473] Apache Subversion blame -g denial of service
| [64472] Apache Subversion walk() denial of service
| [64407] Apache Axis2 CVE-2010-0219 code execution
| [63926] Apache Archiva password privilege escalation
| [63785] Apache CouchDB LD_LIBRARY_PATH privilege escalation
| [63493] Apache Archiva credentials cross-site request forgery
| [63477] Apache Tomcat HttpOnly session hijacking
| [63422] Apache Tomcat sessionsList.jsp cross-site scripting
| [63303] Apache mod_fcgid module fcgid_header_bucket_read() buffer overflow
| [62959] Apache Shiro filters security bypass
| [62790] Apache Perl cgi module denial of service
| [62576] Apache Qpid exchange denial of service
| [62575] Apache Qpid AMQP denial of service
| [62354] Apache Qpid SSL denial of service
| [62235] Apache APR-util apr_brigade_split_line() denial of service
| [62181] Apache XML-RPC SAX Parser information disclosure
| [61721] Apache Traffic Server cache poisoning
| [61202] Apache Derby BUILTIN authentication functionality information disclosure
| [61186] Apache CouchDB Futon cross-site request forgery
| [61169] Apache CXF DTD denial of service
| [61070] Apache Jackrabbit search.jsp SQL injection
| [61006] Apache SLMS Quoting cross-site request forgery
| [60962] Apache Tomcat time cross-site scripting
| [60883] Apache mod_proxy_http information disclosure
| [60671] Apache HTTP Server mod_cache and mod_dav denial of service
| [60264] Apache Tomcat Transfer-Encoding denial of service
| [59746] Apache Axis2 axis2/axis2-admin page session hijacking
| [59588] Apache Axis2/Java XML DTD (Document Type Declaration) data denial of service
| [59413] Apache mod_proxy_http timeout information disclosure
| [59058] Apache MyFaces unencrypted view state cross-site scripting
| [58827] Apache Axis2 xsd file include
| [58790] Apache Axis2 modules cross-site scripting
| [58299] Apache ActiveMQ queueBrowse cross-site scripting
| [58169] Apache Tomcat Web Application Manager / Host Manager cross-site request forgery
| [58056] Apache ActiveMQ .jsp source code disclosure
| [58055] Apache Tomcat realm name information disclosure
| [58046] Apache HTTP Server mod_auth_shadow security bypass
| [57841] Apache Open For Business Project (OFBiz) subject cross-site scripting
| [57840] Apache Open For Business Project (OFBiz) multiple parameters cross-site scripting
| [57429] Apache CouchDB algorithms information disclosure
| [57398] Apache ActiveMQ Web console cross-site request forgery
| [57397] Apache ActiveMQ createDestination.action cross-site scripting
| [56653] Apache HTTP Server DNS spoofing
| [56652] Apache HTTP Server DNS cross-site scripting
| [56625] Apache HTTP Server request header information disclosure
| [56624] Apache HTTP Server mod_isapi orphaned callback pointer code execution
| [56623] Apache HTTP Server mod_proxy_ajp denial of service
| [55941] mod_proxy module for Apache ap_proxy_send_fb() buffer overflow
| [55857] Apache Tomcat WAR files directory traversal
| [55856] Apache Tomcat autoDeploy attribute security bypass
| [55855] Apache Tomcat WAR directory traversal
| [55210] Intuit component for Joomla! Apache information disclosure
| [54533] Apache Tomcat 404 error page cross-site scripting
| [54182] Apache Tomcat admin default password
| [53878] Apache Solr Search (solr) extension for TYPO3 unspecified cross-site scripting
| [53666] Apache HTTP Server Solaris pollset support denial of service
| [53650] Apache HTTP Server HTTP basic-auth module security bypass
| [53124] mod_proxy_ftp module for Apache HTTP header security bypass
| [53041] mod_proxy_ftp module for Apache denial of service
| [52540] Apache Portable Runtime and Apache Portable Utility library multiple buffer overflow
| [51953] Apache Tomcat Path Disclosure
| [51952] Apache Tomcat Path Traversal
| [51951] Apache stronghold-status Information Disclosure
| [51950] Apache stronghold-info Information Disclosure
| [51949] Apache PHP Source Code Disclosure
| [51948] Apache Multiviews Attack
| [51946] Apache JServ Environment Status Information Disclosure
| [51945] Apache error_log Information Disclosure
| [51944] Apache Default Installation Page Pattern Found
| [51943] Apache AXIS XML Parser echoheaders.jws Sample Web Service Denial of Service
| [51942] Apache AXIS XML External Entity File Retrieval
| [51941] Apache AXIS Sample Servlet Information Leak
| [51940] Apache access_log Information Disclosure
| [51626] Apache mod_deflate denial of service
| [51532] mod_proxy module for the Apache HTTP Server stream_reqbody_cl denial of service
| [51365] Apache Tomcat RequestDispatcher security bypass
| [51273] Apache HTTP Server Incomplete Request denial of service
| [51195] Apache Tomcat XML information disclosure
| [50994] Apache APR-util xml/apr_xml.c denial of service
| [50993] Apache APR-util apr_brigade_vprintf denial of service
| [50964] Apache APR-util apr_strmatch_precompile() denial of service
| [50930] Apache Tomcat j_security_check information disclosure
| [50928] Apache Tomcat AJP denial of service
| [50884] Apache HTTP Server XML ENTITY denial of service
| [50808] Apache HTTP Server AllowOverride privilege escalation
| [50108] Apache Struts s:a tag and s:url tag cross-site scripting
| [50059] Apache mod_proxy_ajp information disclosure
| [49951] Apache Tiles Expression Language (EL) expressions cross-site scripting
| [49925] Apache Geronimo Web Administrative Console cross-site request forgery
| [49924] Apache Geronimo console/portal/Server/Monitoring cross-site scripting
| [49921] Apache ActiveMQ Web interface cross-site scripting
| [49898] Apache Geronimo Services/Repository directory traversal
| [49725] Apache Tomcat mod_jk module information disclosure
| [49715] Apache mod_perl Apache::Status and Apache2::Status modules cross-site scripting
| [49712] Apache Struts unspecified cross-site scripting
| [49213] Apache Tomcat cal2.jsp cross-site scripting
| [48934] Apache Tomcat POST doRead method information disclosure
| [48211] Apache Tomcat header HTTP request smuggling
| [48163] libapache2-mod-auth-mysql module for Debian multibyte encoding SQL injection
| [48110] Apache Jackrabbit search.jsp and swr.jsp cross-site scripting
| [47709] Apache Roller "
| [47104] Novell Netware ApacheAdmin console security bypass
| [47086] Apache HTTP Server OS fingerprinting unspecified
| [46329] Apache Struts FilterDispatcher and DefaultStaticContentLoader class directory traversal
| [45791] Apache Tomcat RemoteFilterValve security bypass
| [44435] Oracle WebLogic Apache Connector buffer overflow
| [44411] Apache Tomcat allowLinking UTF-8 directory traversal
| [44223] Apache HTTP Server mod_proxy_ftp cross-site scripting
| [44156] Apache Tomcat RequestDispatcher directory traversal
| [44155] Apache Tomcat HttpServletResponse.sendError() cross-site scripting
| [43885] Oracle WebLogic Server Apache Connector buffer overflow
| [42987] Apache HTTP Server mod_proxy module denial of service
| [42915] Apache Tomcat JSP files path disclosure
| [42914] Apache Tomcat MS-DOS path disclosure
| [42892] Apache Tomcat unspecified unauthorized access
| [42816] Apache Tomcat Host Manager cross-site scripting
| [42303] Apache 403 error cross-site scripting
| [41618] Apache-SSL ExpandCert() authentication bypass
| [40761] Apache Derby RDBNAM parameter and DatabaseMetaData.getURL information disclosure
| [40736] Apache Tomcat HTTP/1.1 connector information disclosure
| [40614] Apache mod_jk2 HTTP Host header buffer overflow
| [40562] Apache Geronimo init information disclosure
| [40478] Novell Web Manager webadmin-apache.conf security bypass
| [40411] Apache Tomcat exception handling information disclosure
| [40409] Apache Tomcat native (APR based) connector weak security
| [40403] Apache Tomcat quotes and %5C cookie information disclosure
| [40388] Sun Java Plug-In org.apache.crimson.tree.XmlDocument security bypass
| [39893] Apache HTTP Server mod_negotiation HTTP response splitting
| [39867] Apache HTTP Server mod_negotiation cross-site scripting
| [39804] Apache Tomcat SingleSignOn information disclosure
| [39615] Apache HTTP Server mod_proxy_ftp.c UTF-7 cross-site scripting
| [39612] Apache HTTP Server mod_proxy_balancer buffer overflow
| [39608] Apache HTTP Server balancer manager cross-site request forgery
| [39476] Apache mod_proxy_balancer balancer_handler function denial of service
| [39474] Apache HTTP Server mod_proxy_balancer cross-site scripting
| [39472] Apache HTTP Server mod_status cross-site scripting
| [39201] Apache Tomcat JULI logging weak security
| [39158] Apache HTTP Server Windows SMB shares information disclosure
| [39001] Apache HTTP Server mod_imap and mod_imagemap module cross-site scripting
| [38951] Apache::AuthCAS Perl module cookie SQL injection
| [38800] Apache HTTP Server 413 error page cross-site scripting
| [38211] Apache Geronimo SQLLoginModule authentication bypass
| [37243] Apache Tomcat WebDAV directory traversal
| [37178] RHSA update for Apache HTTP Server mod_status module cross-site scripting not installed
| [37177] RHSA update for Apache HTTP Server Apache child process denial of service not installed
| [37119] RHSA update for Apache mod_auth_kerb off-by-one buffer overflow not installed
| [37100] RHSA update for Apache and IBM HTTP Server Expect header cross-site scripting not installed
| [36782] Apache Geronimo MEJB unauthorized access
| [36586] Apache HTTP Server UTF-7 cross-site scripting
| [36468] Apache Geronimo LoginModule security bypass
| [36467] Apache Tomcat functions.jsp cross-site scripting
| [36402] Apache Tomcat calendar cross-site request forgery
| [36354] Apache HTTP Server mod_proxy module denial of service
| [36352] Apache HTTP Server ap_proxy_date_canon() denial of service
| [36336] Apache Derby lock table privilege escalation
| [36335] Apache Derby schema privilege escalation
| [36006] Apache Tomcat "
| [36001] Apache Tomcat Host Manager Servlet alias cross-site scripting
| [35999] Apache Tomcat \"
| [35795] Apache Tomcat CookieExample cross-site scripting
| [35536] Apache Tomcat SendMailServlet example cross-site scripting
| [35384] Apache HTTP Server mod_cache module denial of service
| [35097] Apache HTTP Server mod_status module cross-site scripting
| [35095] Apache HTTP Server Prefork MPM module denial of service
| [34984] Apache HTTP Server recall_headers information disclosure
4659| [34966] Apache HTTP Server MPM content spoofing
4660| [34965] Apache HTTP Server MPM information disclosure
4661| [34963] Apache HTTP Server MPM multiple denial of service
4662| [34872] Apache MyFaces Tomahawk autoscroll parameter cross-site scripting
4663| [34869] Apache Tomcat JSP example Web application cross-site scripting
4664| [34868] Apache Tomcat Manager and Host Manager cross-site scripting
4665| [34496] Apache Tomcat JK Connector security bypass
4666| [34377] Apache Tomcat hello.jsp cross-site scripting
4667| [34212] Apache Tomcat SSL configuration security bypass
4668| [34210] Apache Tomcat Accept-Language cross-site scripting
4669| [34209] Apache Tomcat calendar application cross-site scripting
4670| [34207] Apache Tomcat implicit-objects.jsp cross-site scripting
4671| [34167] Apache Axis WSDL file path disclosure
4672| [34068] Apache Tomcat AJP connector information disclosure
4673| [33584] Apache HTTP Server suEXEC privilege escalation
4674| [32988] Apache Tomcat proxy module directory traversal
4675| [32794] Apache Tomcat JK Web Server Connector map_uri_to_worker() buffer overflow
4676| [32708] Debian Apache tty privilege escalation
4677| [32441] ApacheStats extract() PHP call unspecified
4678| [32128] Apache Tomcat default account
4679| [31680] Apache Tomcat RequestParamExample cross-site scripting
4680| [31649] Apache Tomcat Sample Servlet TroubleShooter detected
4681| [31557] BEA WebLogic Server and WebLogic Express Apache proxy plug-in denial of service
4682| [31236] Apache HTTP Server htpasswd.c strcpy buffer overflow
4683| [30456] Apache mod_auth_kerb off-by-one buffer overflow
4684| [29550] Apache mod_tcl set_var() format string
4685| [28620] Apache and IBM HTTP Server Expect header cross-site scripting
4686| [28357] Apache HTTP Server mod_alias script source information disclosure
4687| [28063] Apache mod_rewrite off-by-one buffer overflow
4688| [27902] Apache Tomcat URL information disclosure
4689| [26786] Apache James SMTP server denial of service
4690| [25680] libapache2 /tmp/svn file upload
4691| [25614] Apache Struts lookupMap cross-site scripting
4692| [25613] Apache Struts ActionForm denial of service
4693| [25612] Apache Struts isCancelled() security bypass
4694| [24965] Apache mod_python FileSession command execution
4695| [24716] Apache James spooler memory leak denial of service
4696| [24159] Apache Geronimo Web-Access-Log Viewer cross-site scripting
4697| [24158] Apache Geronimo jsp-examples cross-site scripting
4698| [24030] Apache auth_ldap module multiple format strings
4699| [24008] Apache mod_ssl custom error message denial of service
4700| [24003] Apache mod_auth_pgsql module multiple syslog format strings
4701| [23612] Apache mod_imap referer field cross-site scripting
4702| [23173] Apache Struts error message cross-site scripting
4703| [22942] Apache Tomcat directory listing denial of service
4704| [22858] Apache Multi-Processing Module code allows denial of service
4705| [22602] RHSA-2005:582 updates for Apache httpd not installed
4706| [22520] Apache mod-auth-shadow "
4707| [22466] ApacheTop symlink
4708| [22109] Apache HTTP Server ssl_engine_kernel client certificate validation
4709| [22006] Apache HTTP Server byte-range filter denial of service
4710| [21567] Apache mod_ssl off-by-one buffer overflow
4711| [21195] Apache HTTP Server header HTTP request smuggling
4712| [20383] Apache HTTP Server htdigest buffer overflow
4713| [19681] Apache Tomcat AJP12 request denial of service
4714| [18993] Apache HTTP server check_forensic symlink attack
4715| [18790] Apache Tomcat Manager cross-site scripting
4716| [18349] Apache HTTP server Apple HFS+ filesystem obtain information
4717| [18348] Apache HTTP server Apple HFS+ filesystem .DS_Store and .ht file disclosure
4718| [18347] Apache HTTP server Apple Mac OS X Server mod_digest_apple module could allow an attacker to replay responses
4719| [17961] Apache Web server ServerTokens has not been set
4720| [17930] Apache HTTP Server HTTP GET request denial of service
4721| [17785] Apache mod_include module buffer overflow
4722| [17671] Apache HTTP Server SSLCipherSuite bypass restrictions
4723| [17473] Apache HTTP Server Satisfy directive allows access to resources
4724| [17413] Apache htpasswd buffer overflow
4725| [17384] Apache HTTP Server environment variable configuration file buffer overflow
4726| [17382] Apache HTTP Server IPv6 apr_util denial of service
4727| [17366] Apache HTTP Server mod_dav module LOCK denial of service
4728| [17273] Apache HTTP Server speculative mode denial of service
4729| [17200] Apache HTTP Server mod_ssl denial of service
4730| [16890] Apache HTTP Server server-info request has been detected
4731| [16889] Apache HTTP Server server-status request has been detected
4732| [16705] Apache mod_ssl format string attack
4733| [16524] Apache HTTP Server ap_get_mime_headers_core denial of service
4734| [16387] Apache HTTP Server mod_proxy Content-Length buffer overflow
4735| [16230] Apache HTTP Server PHP denial of service
4736| [16214] Apache mod_ssl ssl_util_uuencode_binary buffer overflow
4737| [15958] Apache HTTP Server authentication modules memory corruption
4738| [15547] Apache HTTP Server mod_disk_cache local information disclosure
4739| [15540] Apache HTTP Server socket starvation denial of service
4740| [15467] Novell GroupWise WebAccess using Apache Web server allows viewing of files on the server
4741| [15422] Apache HTTP Server mod_access information disclosure
4742| [15419] Apache HTTP Server mod_ssl plain HTTP request denial of service
4743| [15293] Apache for Cygwin "
4744| [15065] Apache-SSL has a default password
4745| [15041] Apache HTTP Server mod_digest module could allow an attacker to replay responses
4746| [15015] Apache httpd server httpd.conf could allow a local user to bypass restrictions
4747| [14751] Apache Mod_python output filter information disclosure
4748| [14125] Apache HTTP Server mod_userdir module information disclosure
4749| [14075] Apache HTTP Server mod_php file descriptor leak
4750| [13703] Apache HTTP Server account
4751| [13689] Apache HTTP Server configuration allows symlinks
4752| [13688] Apache HTTP Server configuration allows SSI
4753| [13687] Apache HTTP Server Server: header value
4754| [13685] Apache HTTP Server ServerTokens value
4755| [13684] Apache HTTP Server ServerSignature value
4756| [13672] Apache HTTP Server config allows directory autoindexing
4757| [13671] Apache HTTP Server default content
4758| [13670] Apache HTTP Server config file directive references outside content root
4759| [13668] Apache HTTP Server httpd not running in chroot environment
4760| [13666] Apache HTTP Server CGI directory contains possible command interpreter or compiler
4761| [13664] Apache HTTP Server config file contains ScriptAlias entry
4762| [13663] Apache HTTP Server CGI support modules loaded
4763| [13661] Apache HTTP Server config file contains AddHandler entry
4764| [13660] Apache HTTP Server 500 error page not CGI script
4765| [13659] Apache HTTP Server 413 error page not CGI script
4766| [13658] Apache HTTP Server 403 error page not CGI script
4767| [13657] Apache HTTP Server 401 error page not CGI script
4768| [13552] Apache HTTP Server mod_cgid module information disclosure
4769| [13550] Apache GET request directory traversal
4770| [13516] Apache Cocoon XMLForm and JXForm could allow execution of code
4771| [13499] Apache Cocoon directory traversal allows downloading of boot.ini file
4772| [13429] Apache Tomcat non-HTTP request denial of service
4773| [13400] Apache HTTP server mod_alias and mod_rewrite buffer overflow
4774| [13295] Apache weak password encryption
4775| [13254] Apache Tomcat .jsp cross-site scripting
4776| [13125] Apache::Gallery Inline::C could allow arbitrary code execution
4777| [13086] Apache Jakarta Tomcat mod_jk format string allows remote access
4778| [12681] Apache HTTP Server mod_proxy could allow mail relaying
4779| [12662] Apache HTTP Server rotatelogs denial of service
4780| [12554] Apache Tomcat stores password in plain text
4781| [12553] Apache HTTP Server redirects and subrequests denial of service
4782| [12552] Apache HTTP Server FTP proxy server denial of service
4783| [12551] Apache HTTP Server prefork MPM denial of service
4784| [12550] Apache HTTP Server weaker than expected encryption
4785| [12549] Apache HTTP Server type-map file denial of service
4786| [12206] Apache Tomcat /opt/tomcat directory insecure permissions
4787| [12102] Apache Jakarta Tomcat MS-DOS device name request denial of service
4788| [12091] Apache HTTP Server apr_password_validate denial of service
4789| [12090] Apache HTTP Server apr_psprintf code execution
4790| [11804] Apache HTTP Server mod_access_referer denial of service
4791| [11750] Apache HTTP Server could leak sensitive file descriptors
4792| [11730] Apache HTTP Server error log and access log terminal escape sequence injection
4793| [11703] Apache long slash path allows directory listing
4794| [11695] Apache HTTP Server LF (Line Feed) denial of service
4795| [11694] Apache HTTP Server filestat.c denial of service
4796| [11438] Apache HTTP Server MIME message boundaries information disclosure
4797| [11412] Apache HTTP Server error log terminal escape sequence injection
4798| [11196] Apache Tomcat examples and ROOT Web applications cross-site scripting
4799| [11195] Apache Tomcat web.xml could be used to read files
4800| [11194] Apache Tomcat URL appended with a null character could list directories
4801| [11139] Apache HTTP Server mass virtual hosting with mod_rewrite or mod_vhost_alias could allow an attacker to obtain files
4802| [11126] Apache HTTP Server illegal character file disclosure
4803| [11125] Apache HTTP Server DOS device name HTTP POST code execution
4804| [11124] Apache HTTP Server DOS device name denial of service
4805| [11088] Apache HTTP Server mod_vhost_alias CGI source disclosure
4806| [10938] Apache HTTP Server printenv test CGI cross-site scripting
4807| [10771] Apache Tomcat mod_jk module multiple HTTP GET request buffer overflow
4808| [10575] Apache mod_php module could allow an attacker to take over the httpd process
4809| [10499] Apache HTTP Server WebDAV HTTP POST view source
4810| [10457] Apache HTTP Server mod_ssl "
4811| [10415] Apache HTTP Server htdigest insecure system() call could allow command execution
4812| [10414] Apache HTTP Server htdigest multiple buffer overflows
4813| [10413] Apache HTTP Server htdigest temporary file race condition
4814| [10412] Apache HTTP Server htpasswd temporary file race condition
4815| [10376] Apache Tomcat invoker servlet used in conjunction with the default servlet reveals source code
4816| [10348] Apache Tomcat HTTP GET request DOS device reference could cause a denial of service
4817| [10281] Apache HTTP Server ab.c ApacheBench long response buffer overflow
4818| [10280] Apache HTTP Server shared memory scorecard overwrite
4819| [10263] Apache Tomcat mod_jk or mod_jserv connector directory disclosure
4820| [10241] Apache HTTP Server Host: header cross-site scripting
4821| [10230] Slapper worm variants A, B, and C target OpenSSL/Apache systems
4822| [10208] Apache HTTP Server mod_dav denial of service
4823| [10206] HP VVOS Apache mod_ssl denial of service
4824| [10200] Apache HTTP Server stderr denial of service
4825| [10175] Apache Tomcat org.apache.catalina.servlets.DefaultServlet reveals source code
4826| [10169] Slapper worm variant (Slapper.C) targets OpenSSL/Apache systems
4827| [10154] Slapper worm variant (Slapper.B) targets OpenSSL/Apache systems
4828| [10098] Slapper worm targets OpenSSL/Apache systems
4829| [9876] Apache HTTP Server cgi/cgid request could disclose the path to a requested script
4830| [9875] Apache HTTP Server .var file request could disclose installation path
4831| [9863] Apache Tomcat web.xml file could allow a remote attacker to bypass restrictions
4832| [9808] Apache HTTP Server non-Unix version URL encoded directory traversal
4833| [9623] Apache HTTP Server ap_log_rerror() path disclosure
4834| [9520] Apache Tomcat /servlet/ mapping cross-site scripting
4835| [9415] Apache HTTP Server mod_ssl .htaccess off-by-one buffer overflow
4836| [9396] Apache Tomcat null character to threads denial of service
4837| [9394] Apache Tomcat HTTP request for LPT9 reveals Web root path
4838| [9249] Apache HTTP Server chunked encoding heap buffer overflow
4839| [9208] Apache Tomcat sample file requests could reveal directory listing and path to Web root directory
4840| [8932] Apache Tomcat example class information disclosure
4841| [8633] Apache HTTP Server with mod_rewrite could allow an attacker to bypass directives
4842| [8629] Apache HTTP Server double-reverse DNS lookup spoofing
4843| [8589] Apache HTTP Server for Windows DOS batch file remote command execution
4844| [8457] Oracle9i Application Server Apache PL/SQL HTTP Location header buffer overflow
4845| [8455] Oracle9i Application Server default installation could allow an attacker to access certain Apache Services
4846| [8400] Apache HTTP Server mod_frontpage buffer overflows
4847| [8326] Apache HTTP Server multiple MIME headers (sioux) denial of service
4848| [8308] Apache "
4849| [8275] Apache HTTP Server with Multiviews enabled could disclose directory contents
4850| [8119] Apache and PHP OPTIONS request reveals "
4851| [8054] Apache is running on the system
4852| [8029] Mandrake Linux default Apache configuration could allow an attacker to browse files and directories
4853| [8027] Mandrake Linux default Apache configuration has remote management interface enabled
4854| [8026] Mandrake Linux Apache sample programs could disclose sensitive information about the server
4855| [7836] Apache HTTP Server log directory denial of service
4856| [7815] Apache for Windows "
4857| [7810] Apache HTTP request could result in unexpected behavior
4858| [7599] Apache Tomcat reveals installation path
4859| [7494] Apache "
4860| [7419] Apache Web Server could allow remote attackers to overwrite .log files
4861| [7363] Apache Web Server hidden HTTP requests
4862| [7249] Apache mod_proxy denial of service
4863| [7129] Linux with Apache Web server could allow an attacker to determine if a specified username exists
4864| [7103] Apple Mac OS X used with Apache Web server could disclose directory contents
4865| [7059] Apache "
4866| [7057] Apache "
4867| [7056] Apache "
4868| [7055] Apache "
4869| [7054] Apache "
4870| [6997] Apache Jakarta Tomcat error message may reveal information
4871| [6971] Apache Jakarta Tomcat may reveal JSP source code with missing HTTP protocol specification
4872| [6970] Apache crafted HTTP request could reveal the internal IP address
4873| [6921] Apache long slash path allows directory listing
4874| [6687] Apple Mac OS X used with Apache Web server could allow arbitrary file disclosure
4875| [6527] Apache Web Server for Windows and OS2 denial of service
4876| [6316] Apache Jakarta Tomcat may reveal JSP source code
4877| [6305] Apache Jakarta Tomcat directory traversal
4878| [5926] Linux Apache symbolic link
4879| [5659] Apache Web server discloses files when used with php script
4880| [5310] Apache mod_rewrite allows attacker to view arbitrary files
4881| [5204] Apache WebDAV directory listings
4882| [5197] Apache Web server reveals CGI script source code
4883| [5160] Apache Jakarta Tomcat default installation
4884| [5099] Trustix Secure Linux installs Apache with world writable access
4885| [4968] Apache Jakarta Tomcat snoop servlet gives out information which could be used in attack
4886| [4967] Apache Jakarta Tomcat 404 error reveals the pathname of the requested file
4887| [4931] Apache source.asp example file allows users to write to files
4888| [4575] IBM HTTP Server running Apache allows users to directory listing and file retrieval
4889| [4205] Apache Jakarta Tomcat delivers file contents
4890| [2084] Apache on Debian by default serves the /usr/doc directory
4891| [1630] MessageMedia UnityMail and Apache Web server MIME header flood denial of service
4892| [697] Apache HTTP server beck exploit
4893| [331] Apache cookies buffer overflow
4894|
4895| Exploit-DB - https://www.exploit-db.com:
4896| [31130] Apache Tomcat <= 6.0.15 Cookie Quote Handling Remote Information Disclosure Vulnerability
4897| [31052] Apache <= 2.2.6 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
4898| [30901] Apache HTTP Server 2.2.6 Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
4899| [30835] Apache HTTP Server <= 2.2.4 413 Error HTTP Request Method Cross-Site Scripting Weakness
4900| [30563] Apache Tomcat <= 5.5.15 Cal2.JSP Cross-Site Scripting Vulnerability
4901| [30496] Apache Tomcat <= 6.0.13 Cookie Handling Quote Delimiter Session ID Disclosure
4902| [30495] Apache Tomcat <= 6.0.13 Host Manager Servlet Cross Site Scripting Vulnerability
4903| [30191] Apache MyFaces Tomahawk JSF Framework 1.1.5 Autoscroll Parameter Cross Site Scripting Vulnerability
4904| [30189] Apache Tomcat <= 6.0.13 JSP Example Web Applications Cross Site Scripting Vulnerability
4905| [30052] Apache Tomcat 6.0.10 Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
4906| [29930] Apache AXIS 1.0 Non-Existent WSDL Path Information Disclosure Vulnerability
4907| [29859] Apache Roller OGNL Injection
4908| [29739] Apache HTTP Server Tomcat 5.x/6.0.x Directory Traversal Vulnerability
4909| [29435] Apache Tomcat 5.5.25 - CSRF Vulnerabilities
4910| [29316] Apache + PHP 5.x - Remote Code Execution (Multithreaded Scanner) (2)
4911| [29290] Apache / PHP 5.x Remote Code Execution Exploit
4912| [28713] Apache Tomcat/JBoss EJBInvokerServlet / JMXInvokerServlet (RMI over HTTP) Marshalled Object RCE
4913| [28424] Apache 2.x HTTP Server Arbitrary HTTP Request Headers Security Weakness
4914| [28365] Apache 2.2.2 CGI Script Source Code Information Disclosure Vulnerability
4915| [28254] Apache Tomcat 5 Information Disclosure Vulnerability
4916| [27915] Apache James 2.2 SMTP Denial of Service Vulnerability
4917| [27397] Apache suEXEC Privilege Elevation / Information Disclosure
4918| [27135] Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution
4919| [27096] Apache Geronimo 1.0 Error Page XSS
4920| [27095] Apache Tomcat / Geronimo 1.0 Sample Script cal2.jsp time Parameter XSS
4921| [26710] Apache CXF prior to 2.5.10, 2.6.7 and 2.7.4 - Denial of Service
4922| [26542] Apache Struts 1.2.7 Error Response Cross-Site Scripting Vulnerability
4923| [25986] Plesk Apache Zeroday Remote Exploit
4924| [25980] Apache Struts includeParams Remote Code Execution
4925| [25625] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (2)
4926| [25624] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (1)
4927| [24874] Apache Struts ParametersInterceptor Remote Code Execution
4928| [24744] Apache Rave 0.11 - 0.20 - User Information Disclosure
4929| [24694] Apache 1.3.x mod_include Local Buffer Overflow Vulnerability
4930| [24590] Apache 2.0.x mod_ssl Remote Denial of Service Vulnerability
4931| [23751] Apache Cygwin 1.3.x/2.0.x Directory Traversal Vulnerability
4932| [23581] Apache 2.0.4x mod_perl Module File Descriptor Leakage Vulnerability
4933| [23482] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (2)
4934| [23481] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (1)
4935| [23296] Red Hat Apache 2.0.40 Directory Index Default Configuration Error
4936| [23282] apache cocoon 2.14/2.2 - Directory Traversal vulnerability
4937| [23245] Apache Tomcat 4.0.x Non-HTTP Request Denial of Service Vulnerability
4938| [23119] Apache::Gallery 0.4/0.5/0.6 Insecure Local File Storage Privilege Escalation Vulnerability
4939| [22505] Apache Mod_Access_Referer 1.0.2 NULL Pointer Dereference Denial of Service Vulnerability
4940| [22205] Apache Tomcat 3.x Null Byte Directory/File Disclosure Vulnerability
4941| [22191] Apache Web Server 2.0.x MS-DOS Device Name Denial of Service Vulnerability
4942| [22068] Apache 1.3.x,Tomcat 4.0.x/4.1.x Mod_JK Chunked Encoding Denial of Service Vulnerability
4943| [21885] Apache 1.3/2.0.x Server Side Include Cross Site Scripting Vulnerability
4944| [21882] Apache Tomcat 3.2 Directory Disclosure Vulnerability
4945| [21854] Apache 2.0.39/40 Oversized STDERR Buffer Denial of Service Vulnerability
4946| [21853] Apache Tomcat 3/4 DefaultServlet File Disclosure Vulnerability
4947| [21734] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
4948| [21719] Apache 2.0 Path Disclosure Vulnerability
4949| [21697] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
4950| [21605] Apache Tomcat 4.0.3 DoS Device Name Cross Site Scripting Vulnerability
4951| [21604] Apache Tomcat 4.0.3 Servlet Mapping Cross Site Scripting Vulnerability
4952| [21560] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (2)
4953| [21559] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (1)
4954| [21534] Apache Tomcat 3/4 JSP Engine Denial of Service Vulnerability
4955| [21492] Apache Tomcat 3.2.3/3.2.4 RealPath.JSP Malformed Request Information Disclosure
4956| [21491] Apache Tomcat 3.2.3/3.2.4 Example Files Web Root Path Disclosure
4957| [21490] Apache Tomcat 3.2.3/3.2.4 Source.JSP Malformed Request Information Disclosure
4958| [21412] Apache Tomcat 4.0/4.1 Servlet Path Disclosure Vulnerability
4959| [21350] Apache Win32 1.3.x/2.0.x Batch File Remote Command Execution Vulnerability
4960| [21204] Apache 1.3.20 Win32 PHP.EXE Remote File Disclosure Vulnerability
4961| [21112] Red Hat Linux 7.0 Apache Remote Username Enumeration Vulnerability
4962| [21067] Apache 1.0/1.2/1.3 Server Address Disclosure Vulnerability
4963| [21002] Apache 1.3 Possible Directory Index Disclosure Vulnerability
4964| [20911] Apache 1.3.14 Mac File Protection Bypass Vulnerability
4965| [20716] apache tomcat 3.0 - Directory Traversal vulnerability
4966| [20695] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (4)
4967| [20694] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (3)
4968| [20693] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (2)
4969| [20692] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (1)
4970| [20595] NCSA 1.3/1.4.x/1.5,Apache httpd 0.8.11/0.8.14 ScriptAlias Source Retrieval Vulnerability
4971| [20558] Apache 1.2 Web Server DoS Vulnerability
4972| [20466] Apache 1.3 Web Server with Php 3 File Disclosure Vulnerability
4973| [20435] Apache 0.8.x/1.0.x,NCSA httpd 1.x test-cgi Directory Listing Vulnerability
4974| [20272] Apache 1.2.5/1.3.1,UnityMail 2.0 MIME Header DoS Vulnerability
4975| [20210] Apache 1.3.12 WebDAV Directory Listings Vulnerability
4976| [20131] Apache Tomcat 3.1 Path Revealing Vulnerability
4977| [19975] Apache 1.3.6/1.3.9/1.3.11/1.3.12/1.3.20 Root Directory Access Vulnerability
4978| [19828] Cobalt RaQ 2.0/3.0 Apache .htaccess Disclosure Vulnerability
4979| [19536] Apache <= 1.1,NCSA httpd <= 1.5.2,Netscape Server 1.12/1.1/2.0 a nph-test-cgi Vulnerability
4980| [19231] PHP apache_request_headers Function Buffer Overflow
4981| [18984] Apache Struts <= 2.2.1.1 - Remote Command Execution
4982| [18897] Oracle Weblogic Apache Connector POST Request Buffer Overflow
4983| [18619] Apache Tomcat Remote Exploit (PUT Request) and Account Scanner
4984| [18452] Apache Struts Multiple Persistent Cross-Site Scripting Vulnerabilities
4985| [18442] Apache httpOnly Cookie Disclosure
4986| [18329] Apache Struts2 <= 2.3.1 - Multiple Vulnerabilities
4987| [18221] Apache HTTP Server Denial of Service
4988| [17969] Apache mod_proxy Reverse Proxy Exposure Vulnerability PoC
4989| [17696] Apache httpd Remote Denial of Service (memory exhaustion)
4990| [17691] Apache Struts < 2.2.0 - Remote Command Execution
4991| [16798] Apache mod_jk 1.2.20 Buffer Overflow
4992| [16782] Apache Win32 Chunked Encoding
4993| [16752] Apache module mod_rewrite LDAP protocol Buffer Overflow
4994| [16317] Apache Tomcat Manager Application Deployer Authenticated Code Execution
4995| [15710] Apache Archiva 1.0 - 1.3.1 CSRF Vulnerability
4996| [15319] Apache 2.2 (Windows) Local Denial of Service
4997| [14617] Apache JackRabbit 2.0.0 webapp XPath Injection
4998| [14489] Apache Tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
4999| [12721] Apache Axis2 1.4.1 - Local File Inclusion Vulnerability
5000| [12689] Authenticated Cross-Site Scripting Vulnerability (XSS) within Apache Axis2 administration console
5001| [12343] Apache Tomcat 5.5.0 to 5.5.29 & 6.0.0 to 6.0.26 - Information Disclosure Vulnerability
5002| [12330] Apache OFBiz - Multiple XSS
5003| [12264] Apache OFBiz - FULLADMIN Creator PoC Payload
5004| [12263] Apache OFBiz - SQL Remote Execution PoC Payload
5005| [11662] Apache Spamassassin Milter Plugin Remote Root Command Execution
5006| [11650] Apache 2.2.14 mod_isapi Dangling Pointer Remote SYSTEM Exploit
5007| [10811] Joomla.Tutorials GHDB: Apache directory listing Download Vulnerability
5008| [10292] Apache Tomcat 3.2.1 - 404 Error Page Cross Site Scripting Vulnerability
5009| [9995] Apache Tomcat Form Authentication Username Enumeration Weakness
5010| [9994] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
5011| [9993] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
5012| [8842] Apache mod_dav / svn Remote Denial of Service Exploit
5013| [8458] Apache Geronimo <= 2.1.3 - Multiple Directory Traversal Vulnerabilities
5014| [7264] Apache Tomcat runtime.getRuntime().exec() Privilege Escalation (win)
5015| [6229] apache tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
5016| [6100] Apache mod_jk 1.2.19 Remote Buffer Overflow Exploit (win32)
5017| [6089] Bea Weblogic Apache Connector Code Exec / Denial of Service Exploit
5018| [5386] Apache Tomcat Connector jk2-2.0.2 (mod_jk2) Remote Overflow Exploit
5019| [5330] Apache 2.0 mod_jk2 2.0.2 - Remote Buffer Overflow Exploit (win32)
5020| [4552] Apache Tomcat (webdav) Remote File Disclosure Exploit (ssl support)
5021| [4530] Apache Tomcat (webdav) Remote File Disclosure Exploit
5022| [4162] Apache Tomcat Connector (mod_jk) Remote Exploit (exec-shield)
5023| [4093] Apache mod_jk 1.2.19/1.2.20 Remote Buffer Overflow Exploit
5024| [3996] Apache 2.0.58 mod_rewrite Remote Overflow Exploit (win2k3)
5025| [3680] Apache Mod_Rewrite Off-by-one Remote Overflow Exploit (win32)
5026| [3384] Ubuntu/Debian Apache 1.3.33/1.3.34 (CGI TTY) Local Root Exploit
5027| [2237] Apache < 1.3.37, 2.0.59, 2.2.3 (mod_rewrite) Remote Overflow PoC
5028| [2061] Apache Tomcat < 5.5.17 Remote Directory Listing Vulnerability
5029| [1056] Apache <= 2.0.49 Arbitrary Long HTTP Headers Denial of Service
5030| [855] Apache <= 2.0.52 HTTP GET request Denial of Service Exploit
5031| [764] Apache OpenSSL - Remote Exploit (Multiple Targets) (OpenFuckV2.c)
5032| [587] Apache <= 1.3.31 mod_include Local Buffer Overflow Exploit
5033| [466] htpasswd Apache 1.3.31 - Local Exploit
5034| [371] Apache HTTPd Arbitrary Long HTTP Headers DoS (c version)
5035| [360] Apache HTTPd Arbitrary Long HTTP Headers DoS
5036| [132] Apache 1.3.x - 2.0.48 - mod_userdir Remote Users Disclosure Exploit
5037| [126] Apache mod_gzip (with debug_mode) <= 1.2.26.1a Remote Exploit
5038| [67] Apache 1.3.x mod_mylo Remote Code Execution Exploit
5039| [38] Apache <= 2.0.45 APR Remote Exploit -Apache-Knacker.pl
5040| [34] Webfroot Shoutbox < 2.32 (Apache) Remote Exploit
5041| [11] Apache <= 2.0.44 Linux Remote Denial of Service Exploit
5042| [9] Apache HTTP Server 2.x Memory Leak Exploit
5043|
5044| OpenVAS (Nessus) - http://www.openvas.org:
5045| [902924] Apache Struts2 Showcase Skill Name Remote Code Execution Vulnerability
5046| [902837] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability (Windows)
5047| [902830] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
5048| [902664] Apache Traffic Server HTTP Host Header Denial of Service Vulnerability
5049| [901203] Apache httpd Web Server Range Header Denial of Service Vulnerability
5050| [901110] Apache ActiveMQ Source Code Information Disclosure Vulnerability
5051| [901105] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
5052| [900842] Apache 'mod_proxy_ftp' Module Command Injection Vulnerability (Linux)
5053| [900841] Apache 'mod_proxy_ftp' Module Denial Of Service Vulnerability (Linux)
5054| [900573] Apache APR-Utils XML Parser Denial of Service Vulnerability
5055| [900572] Apache APR-Utils Multiple Denial of Service Vulnerabilities
5056| [900571] Apache APR-Utils Version Detection
5057| [900499] Apache mod_proxy_ajp Information Disclosure Vulnerability
5058| [900496] Apache Tiles Multiple XSS Vulnerability
5059| [900493] Apache Tiles Version Detection
5060| [900107] Apache mod_proxy_ftp Wildcard Characters XSS Vulnerability
5061| [900021] Apache Tomcat Cross-Site Scripting and Security Bypass Vulnerabilities
5062| [880086] CentOS Update for apache CESA-2008:0004-01 centos2 i386
5063| [870175] RedHat Update for apache RHSA-2008:0004-01
5064| [864591] Fedora Update for apache-poi FEDORA-2012-10835
5065| [864383] Fedora Update for apache-commons-compress FEDORA-2012-8428
5066| [864280] Fedora Update for apache-commons-compress FEDORA-2012-8465
5067| [864250] Fedora Update for apache-poi FEDORA-2012-7683
5068| [864249] Fedora Update for apache-poi FEDORA-2012-7686
5069| [863993] Fedora Update for apache-commons-daemon FEDORA-2011-10880
5070| [863466] Fedora Update for apache-commons-daemon FEDORA-2011-10936
| [855821] Solaris Update for Apache 1.3 122912-19
| [855812] Solaris Update for Apache 1.3 122911-19
| [855737] Solaris Update for Apache 1.3 122911-17
| [855731] Solaris Update for Apache 1.3 122912-17
| [855695] Solaris Update for Apache 1.3 122911-16
| [855645] Solaris Update for Apache 1.3 122912-16
| [855587] Solaris Update for kernel update and Apache 108529-29
| [855566] Solaris Update for Apache 116973-07
| [855531] Solaris Update for Apache 116974-07
| [855524] Solaris Update for Apache 2 120544-14
| [855494] Solaris Update for Apache 1.3 122911-15
| [855478] Solaris Update for Apache Security 114145-11
| [855472] Solaris Update for Apache Security 113146-12
| [855179] Solaris Update for Apache 1.3 122912-15
| [855147] Solaris Update for kernel update and Apache 108528-29
| [855077] Solaris Update for Apache 2 120543-14
| [850196] SuSE Update for apache2 openSUSE-SU-2012:0314-1 (apache2)
| [850088] SuSE Update for apache2 SUSE-SA:2007:061
| [850009] SuSE Update for apache2,apache SUSE-SA:2008:021
| [841209] Ubuntu Update for apache2 USN-1627-1
| [840900] Ubuntu Update for apache2 USN-1368-1
| [840798] Ubuntu Update for apache2 USN-1259-1
| [840734] Ubuntu Update for apache2 USN-1199-1
| [840542] Ubuntu Update for apache2 vulnerabilities USN-1021-1
| [840504] Ubuntu Update for apache2 vulnerability USN-990-2
| [840399] Ubuntu Update for apache2 vulnerabilities USN-908-1
| [840304] Ubuntu Update for apache2 vulnerabilities USN-575-1
| [840118] Ubuntu Update for libapache2-mod-perl2 vulnerability USN-488-1
| [840092] Ubuntu Update for apache2 vulnerabilities USN-499-1
| [840039] Ubuntu Update for libapache2-mod-python vulnerability USN-430-1
| [835253] HP-UX Update for Apache Web Server HPSBUX02645
| [835247] HP-UX Update for Apache-based Web Server HPSBUX02612
| [835243] HP-UX Update for Apache Running Tomcat Servlet Engine HPSBUX02579
| [835236] HP-UX Update for Apache with PHP HPSBUX02543
| [835233] HP-UX Update for Apache-based Web Server HPSBUX02531
| [835224] HP-UX Update for Apache-based Web Server HPSBUX02465
| [835200] HP-UX Update for Apache Web Server Suite HPSBUX02431
| [835190] HP-UX Update for Apache Web Server Suite HPSBUX02401
| [835188] HP-UX Update for Apache HPSBUX02308
| [835181] HP-UX Update for Apache With PHP HPSBUX02332
| [835180] HP-UX Update for Apache with PHP HPSBUX02342
| [835172] HP-UX Update for Apache HPSBUX02365
| [835168] HP-UX Update for Apache HPSBUX02313
| [835148] HP-UX Update for Apache HPSBUX01064
| [835139] HP-UX Update for Apache with PHP HPSBUX01090
| [835131] HP-UX Update for Apache HPSBUX00256
| [835119] HP-UX Update for Apache Remote Execution of Arbitrary Code HPSBUX02186
| [835104] HP-UX Update for Apache HPSBUX00224
| [835103] HP-UX Update for Apache mod_cgid HPSBUX00301
| [835101] HP-UX Update for Apache HPSBUX01232
| [835080] HP-UX Update for Apache HPSBUX02273
| [835078] HP-UX Update for ApacheStrong HPSBUX00255
| [835044] HP-UX Update for Apache HPSBUX01019
| [835040] HP-UX Update for Apache PHP HPSBUX00207
| [835025] HP-UX Update for Apache HPSBUX00197
| [835023] HP-UX Update for Apache HPSBUX01022
| [835022] HP-UX Update for Apache HPSBUX02292
| [835005] HP-UX Update for Apache HPSBUX02262
| [831759] Mandriva Update for apache-mod_security MDVSA-2012:182 (apache-mod_security)
| [831737] Mandriva Update for apache MDVSA-2012:154-1 (apache)
| [831534] Mandriva Update for apache MDVSA-2012:012 (apache)
| [831523] Mandriva Update for apache MDVSA-2012:003 (apache)
| [831491] Mandriva Update for apache MDVSA-2011:168 (apache)
| [831460] Mandriva Update for apache MDVSA-2011:144 (apache)
| [831449] Mandriva Update for apache MDVSA-2011:130 (apache)
| [831357] Mandriva Update for apache MDVSA-2011:057 (apache)
| [831132] Mandriva Update for apache MDVSA-2010:153 (apache)
| [831131] Mandriva Update for apache MDVSA-2010:152 (apache)
| [830989] Mandriva Update for apache-mod_auth_shadow MDVSA-2010:081 (apache-mod_auth_shadow)
| [830931] Mandriva Update for apache MDVSA-2010:057 (apache)
| [830926] Mandriva Update for apache MDVSA-2010:053 (apache)
| [830918] Mandriva Update for apache-mod_security MDVSA-2010:050 (apache-mod_security)
| [830799] Mandriva Update for apache-conf MDVSA-2009:300-2 (apache-conf)
| [830797] Mandriva Update for apache-conf MDVSA-2009:300-1 (apache-conf)
| [830791] Mandriva Update for apache-conf MDVA-2010:011 (apache-conf)
| [830652] Mandriva Update for apache MDVSA-2008:195 (apache)
| [830621] Mandriva Update for apache-conf MDVA-2008:129 (apache-conf)
| [830581] Mandriva Update for apache MDVSA-2008:016 (apache)
| [830294] Mandriva Update for apache MDKSA-2007:140 (apache)
| [830196] Mandriva Update for apache MDKSA-2007:235 (apache)
| [830112] Mandriva Update for apache MDKSA-2007:127 (apache)
| [830109] Mandriva Update for apache-mod_perl MDKSA-2007:083 (apache-mod_perl)
| [802425] Apache Struts2 Showcase Arbitrary Java Method Execution vulnerability
| [802423] Apache Struts CookBook/Examples Multiple Cross-Site Scripting Vulnerabilities
| [802422] Apache Struts Showcase Multiple Persistence Cross-Site Scripting Vulnerabilities
| [802415] Apache Tomcat Multiple Security Bypass Vulnerabilities (Win)
| [802385] Apache Tomcat Request Object Security Bypass Vulnerability (Win)
| [802384] Apache Tomcat Parameter Handling Denial of Service Vulnerability (Win)
| [802378] Apache Tomcat Hash Collision Denial Of Service Vulnerability
| [801942] Apache Archiva Multiple Vulnerabilities
| [801940] Apache Struts2 'XWork' Information Disclosure Vulnerability
| [801663] Apache Struts2/XWork Remote Command Execution Vulnerability
| [801521] Apache APR-util 'buckets/apr_brigade.c' Denial Of Service Vulnerability
| [801284] Apache Derby Information Disclosure Vulnerability
| [801203] Apache ActiveMQ Persistent Cross-Site Scripting Vulnerability
| [800837] Apache 'mod_deflate' Denial Of Service Vulnerability - July09
| [800827] Apache 'mod_proxy_http.c' Denial Of Service Vulnerability
| [800680] Apache APR Version Detection
| [800679] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
| [800678] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
| [800677] Apache Roller Version Detection
| [800279] Apache mod_jk Module Version Detection
| [800278] Apache Struts Cross Site Scripting Vulnerability
| [800277] Apache Tomcat mod_jk Information Disclosure Vulnerability
| [800276] Apache Struts Version Detection
| [800271] Apache Struts Directory Traversal Vulnerability
| [800024] Apache Tomcat RemoteFilterValve Security Bypass Vulnerability
| [103333] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
| [103293] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
| [103122] Apache Web Server ETag Header Information Disclosure Weakness
| [103074] Apache Continuum Cross Site Scripting Vulnerability
| [103073] Apache Continuum Detection
| [103053] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
| [101023] Apache Open For Business Weak Password security check
| [101020] Apache Open For Business HTML injection vulnerability
| [101019] Apache Open For Business service detection
| [100924] Apache Archiva Cross Site Request Forgery Vulnerability
| [100923] Apache Archiva Detection
| [100858] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
| [100814] Apache Axis2 Document Type Declaration Processing Security Vulnerability
| [100813] Apache Axis2 Detection
| [100797] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
| [100795] Apache Derby Detection
| [100762] Apache CouchDB Cross Site Request Forgery Vulnerability
| [100725] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
| [100613] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
| [100514] Apache Multiple Security Vulnerabilities
| [100211] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
| [100172] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
| [100171] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
| [100130] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
| [72626] Debian Security Advisory DSA 2579-1 (apache2)
| [72612] FreeBSD Ports: apache22
| [71551] Gentoo Security Advisory GLSA 201206-25 (apache)
| [71550] Gentoo Security Advisory GLSA 201206-24 (apache tomcat)
| [71512] FreeBSD Ports: apache
| [71485] Debian Security Advisory DSA 2506-1 (libapache-mod-security)
| [71256] Debian Security Advisory DSA 2452-1 (apache2)
| [71238] Debian Security Advisory DSA 2436-1 (libapache2-mod-fcgid)
| [70737] FreeBSD Ports: apache
| [70724] Debian Security Advisory DSA 2405-1 (apache2)
| [70600] FreeBSD Ports: apache
| [70253] FreeBSD Ports: apache, apache-event, apache-itk, apache-peruser, apache-worker
| [70235] Debian Security Advisory DSA 2298-2 (apache2)
| [70233] Debian Security Advisory DSA 2298-1 (apache2)
| [69988] Debian Security Advisory DSA 2279-1 (libapache2-mod-authnz-external)
| [69338] Debian Security Advisory DSA 2202-1 (apache2)
| [67868] FreeBSD Ports: apache
| [66816] FreeBSD Ports: apache
| [66553] Mandriva Security Advisory MDVSA-2009:189-1 (apache-mod_auth_mysql)
| [66414] Mandriva Security Advisory MDVSA-2009:323 (apache)
| [66106] SuSE Security Advisory SUSE-SA:2009:050 (apache2,libapr1)
| [66081] SLES11: Security update for Apache 2
| [66074] SLES10: Security update for Apache 2
| [66070] SLES9: Security update for Apache 2
| [65998] SLES10: Security update for apache2-mod_python
| [65893] SLES10: Security update for Apache 2
| [65888] SLES10: Security update for Apache 2
| [65575] SLES9: Security update for apache2,apache2-prefork,apache2-worker
| [65510] SLES9: Security update for Apache 2
| [65472] SLES9: Security update for Apache
| [65467] SLES9: Security update for Apache
| [65450] SLES9: Security update for apache2
| [65390] SLES9: Security update for Apache2
| [65363] SLES9: Security update for Apache2
| [65309] SLES9: Security update for Apache and mod_ssl
| [65296] SLES9: Security update for webdav apache module
| [65283] SLES9: Security update for Apache2
| [65249] SLES9: Security update for Apache 2
| [65230] SLES9: Security update for Apache 2
| [65228] SLES9: Security update for Apache 2
| [65212] SLES9: Security update for apache2-mod_python
| [65209] SLES9: Security update for apache2-worker
| [65207] SLES9: Security update for Apache 2
| [65168] SLES9: Security update for apache2-mod_python
| [65142] SLES9: Security update for Apache2
| [65136] SLES9: Security update for Apache 2
| [65132] SLES9: Security update for apache
| [65131] SLES9: Security update for Apache 2 oes/CORE
| [65113] SLES9: Security update for apache2
| [65072] SLES9: Security update for apache and mod_ssl
| [65017] SLES9: Security update for Apache 2
| [64950] Mandrake Security Advisory MDVSA-2009:240 (apache)
| [64783] FreeBSD Ports: apache
| [64774] Ubuntu USN-802-2 (apache2)
| [64653] Ubuntu USN-813-2 (apache2)
| [64559] Debian Security Advisory DSA 1834-2 (apache2)
| [64532] Mandrake Security Advisory MDVSA-2009:189 (apache-mod_auth_mysql)
| [64527] Mandrake Security Advisory MDVSA-2009:184 (apache-mod_security)
| [64526] Mandrake Security Advisory MDVSA-2009:183 (apache-mod_security)
| [64500] Mandrake Security Advisory MDVSA-2009:168 (apache)
| [64443] Ubuntu USN-802-1 (apache2)
| [64426] Gentoo Security Advisory GLSA 200907-04 (apache)
| [64423] Debian Security Advisory DSA 1834-1 (apache2)
| [64391] Mandrake Security Advisory MDVSA-2009:149 (apache)
| [64377] Mandrake Security Advisory MDVSA-2009:124-1 (apache)
| [64251] Debian Security Advisory DSA 1816-1 (apache2)
| [64201] Ubuntu USN-787-1 (apache2)
| [64140] Mandrake Security Advisory MDVSA-2009:124 (apache)
| [64136] Mandrake Security Advisory MDVSA-2009:102 (apache)
| [63565] FreeBSD Ports: apache
| [63562] Ubuntu USN-731-1 (apache2)
| [61381] Gentoo Security Advisory GLSA 200807-06 (apache)
| [61185] FreeBSD Ports: apache
| [60582] Gentoo Security Advisory GLSA 200803-19 (apache)
| [60387] Slackware Advisory SSA:2008-045-02 apache
| [58826] FreeBSD Ports: apache-tomcat
| [58825] FreeBSD Ports: apache-tomcat
| [58804] FreeBSD Ports: apache
| [58745] Gentoo Security Advisory GLSA 200711-06 (apache)
| [58360] Debian Security Advisory DSA 1312-1 (libapache-mod-jk)
| [57851] Gentoo Security Advisory GLSA 200608-01 (apache)
| [57788] Debian Security Advisory DSA 1247-1 (libapache-mod-auth-kerb)
| [57335] Debian Security Advisory DSA 1167-1 (apache)
| [57201] Debian Security Advisory DSA 1131-1 (apache)
| [57200] Debian Security Advisory DSA 1132-1 (apache2)
| [57168] Slackware Advisory SSA:2006-209-01 Apache httpd
| [57145] FreeBSD Ports: apache
| [56731] Slackware Advisory SSA:2006-129-01 Apache httpd
| [56729] Slackware Advisory SSA:2006-130-01 Apache httpd redux
| [56246] Gentoo Security Advisory GLSA 200602-03 (Apache)
| [56212] Debian Security Advisory DSA 952-1 (libapache-auth-ldap)
| [56115] Debian Security Advisory DSA 935-1 (libapache2-mod-auth-pgsql)
| [56067] FreeBSD Ports: apache
| [55803] Slackware Advisory SSA:2005-310-04 apache
| [55519] Debian Security Advisory DSA 839-1 (apachetop)
| [55392] Gentoo Security Advisory GLSA 200509-12 (Apache)
| [55355] FreeBSD Ports: apache
| [55284] Debian Security Advisory DSA 807-1 (libapache-mod-ssl)
| [55261] Debian Security Advisory DSA 805-1 (apache2)
| [55259] Debian Security Advisory DSA 803-1 (apache)
| [55129] Gentoo Security Advisory GLSA 200508-15 (apache)
| [54739] Gentoo Security Advisory GLSA 200411-18 (apache)
| [54724] Gentoo Security Advisory GLSA 200411-03 (apache)
| [54712] Gentoo Security Advisory GLSA 200410-21 (apache)
| [54689] Gentoo Security Advisory GLSA 200409-33 (net=www/apache)
| [54677] Gentoo Security Advisory GLSA 200409-21 (apache)
| [54610] Gentoo Security Advisory GLSA 200407-03 (Apache)
| [54601] Gentoo Security Advisory GLSA 200406-16 (Apache)
| [54590] Gentoo Security Advisory GLSA 200406-05 (Apache)
| [54582] Gentoo Security Advisory GLSA 200405-22 (Apache)
| [54529] Gentoo Security Advisory GLSA 200403-04 (Apache)
| [54499] Gentoo Security Advisory GLSA 200310-04 (Apache)
| [54498] Gentoo Security Advisory GLSA 200310-03 (Apache)
| [54439] FreeBSD Ports: apache
| [53931] Slackware Advisory SSA:2004-133-01 apache
| [53903] Slackware Advisory SSA:2004-299-01 apache, mod_ssl, php
| [53902] Slackware Advisory SSA:2004-305-01 apache+mod_ssl
| [53878] Slackware Advisory SSA:2003-308-01 apache security update
| [53851] Debian Security Advisory DSA 135-1 (libapache-mod-ssl)
| [53849] Debian Security Advisory DSA 132-1 (apache-ssl)
| [53848] Debian Security Advisory DSA 131-1 (apache)
| [53784] Debian Security Advisory DSA 021-1 (apache)
| [53738] Debian Security Advisory DSA 195-1 (apache-perl)
| [53737] Debian Security Advisory DSA 188-1 (apache-ssl)
| [53735] Debian Security Advisory DSA 187-1 (apache)
| [53703] Debian Security Advisory DSA 532-1 (libapache-mod-ssl)
| [53577] Debian Security Advisory DSA 120-1 (libapache-mod-ssl, apache-ssl)
| [53568] Debian Security Advisory DSA 067-1 (apache,apache-ssl)
| [53519] Debian Security Advisory DSA 689-1 (libapache-mod-python)
| [53433] Debian Security Advisory DSA 181-1 (libapache-mod-ssl)
| [53282] Debian Security Advisory DSA 594-1 (apache)
| [53248] Debian Security Advisory DSA 558-1 (libapache-mod-dav)
| [53224] Debian Security Advisory DSA 532-2 (libapache-mod-ssl)
| [53215] Debian Security Advisory DSA 525-1 (apache)
| [53151] Debian Security Advisory DSA 452-1 (libapache-mod-python)
| [52529] FreeBSD Ports: apache+ssl
| [52501] FreeBSD Ports: apache
| [52461] FreeBSD Ports: apache
| [52390] FreeBSD Ports: apache
| [52389] FreeBSD Ports: apache
| [52388] FreeBSD Ports: apache
| [52383] FreeBSD Ports: apache
| [52339] FreeBSD Ports: apache+mod_ssl
| [52331] FreeBSD Ports: apache
| [52329] FreeBSD Ports: ru-apache+mod_ssl
| [52314] FreeBSD Ports: apache
| [52310] FreeBSD Ports: apache
| [15588] Detect Apache HTTPS
| [15555] Apache mod_proxy content-length buffer overflow
| [15554] Apache mod_include priviledge escalation
| [14771] Apache <= 1.3.33 htpasswd local overflow
| [14177] Apache mod_access rule bypass
| [13644] Apache mod_rootme Backdoor
| [12293] Apache Input Header Folding and mod_ssl ssl_io_filter_cleanup DoS Vulnerabilities
| [12280] Apache Connection Blocking Denial of Service
| [12239] Apache Error Log Escape Sequence Injection
| [12123] Apache Tomcat source.jsp malformed request information disclosure
| [12085] Apache Tomcat servlet/JSP container default files
| [11438] Apache Tomcat Directory Listing and File disclosure
| [11204] Apache Tomcat Default Accounts
| [11092] Apache 2.0.39 Win32 directory traversal
| [11046] Apache Tomcat TroubleShooter Servlet Installed
| [11042] Apache Tomcat DOS Device Name XSS
| [11041] Apache Tomcat /servlet Cross Site Scripting
| [10938] Apache Remote Command Execution via .bat files
| [10839] PHP.EXE / Apache Win32 Arbitrary File Reading Vulnerability
| [10773] MacOS X Finder reveals contents of Apache Web files
| [10766] Apache UserDir Sensitive Information Disclosure
| [10756] MacOS X Finder reveals contents of Apache Web directories
| [10752] Apache Auth Module SQL Insertion Attack
| [10704] Apache Directory Listing
| [10678] Apache /server-info accessible
| [10677] Apache /server-status accessible
| [10440] Check for Apache Multiple / vulnerability
|
| SecurityTracker - https://www.securitytracker.com:
| [1028865] Apache Struts Bugs Permit Remote Code Execution and URL Redirection Attacks
| [1028864] Apache Struts Wildcard Matching and Expression Evaluation Bugs Let Remote Users Execute Arbitrary Code
| [1028824] Apache mod_dav_svn URI Processing Flaw Lets Remote Users Deny Service
| [1028823] Apache Unspecified Flaw in mod_session_dbd Has Unspecified Impact
| [1028724] (HP Issues Fix for HP-UX) Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
| [1028722] (Red Hat Issues Fix for JBoss) Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
| [1028693] (Red Hat Issues Fix) Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
| [1028622] Apache Struts 'includeParams' Bugs Permit Remote Command Execution and Cross-Site Scripting Attacks
| [1028621] Apache Subversion Bugs Let Remote Authenticated Users Execute Arbitrary Commands and Deny Service
| [1028540] Apache mod_rewrite Input Validation Flaw Lets Remote Users Execute Arbitrary Commands
| [1028534] Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
| [1028533] Apache Tomcat Lack of Chunked Transfer Encoding Extension Size Limit Lets Remote Users Deny Service
| [1028532] Apache Tomcat AsyncListeners Bug May Disclose Information from One Request to Another User
| [1028515] Apache VCL Input Validation Flaw Lets Remote Authenticated Users Gain Elevated Privileges
| [1028457] Apache ActiveMQ Bugs Let Remote Users Conduct Cross-Site Scripting Attacks, Deny Service, and Obtain Potentially Sensitive Information
| [1028287] Apache CXF WSS4JInInterceptor Grants Service Access to Remote Users
| [1028286] Apache CXF WS-Security UsernameToken Processing Flaw Lets Remote Users Bypass Authentication
| [1028252] Apache Commons FileUpload Unsafe Temporary File Lets Local Users Gain Elevated Privileges
| [1028207] Apache Input Validation Bugs Permit Cross-Site Scripting Attacks
| [1027836] Apache Tomcat Connection Processing Bug Lets Remote Users Deny Service
| [1027834] Apache Tomcat Bug Lets Remote Users Bypass Cross-Site Request Forgery Prevention Filter
| [1027833] Apache Tomcat Bug Lets Remote Users Bypass Security Constraints
| [1027729] Apache Tomcat Header Processing Bug Lets Remote Users Deny Service
| [1027728] Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
| [1027554] Apache CXF Lets Remote Authenticated Users Execute Unauthorized SOAP Actions
| [1027508] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
| [1027421] Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
| [1027096] Apache Commons Compress BZip2CompressorOutputStream() Sorting Algorithm Lets Remote or Local Users Deny Service
| [1026932] Apache LD_LIBRARY_PATH Processing Lets Local Users Gain Elevated Privileges
| [1026928] Apache OFBiz Unspecified Flaw Lets Remote Users Execute Arbitrary Code
| [1026927] Apache OFBiz Input Validation Flaws Permit Cross-Site Scripting Attacks
| [1026847] Apache Traffic Server Host Header Processing Flaw Lets Remote Users Deny Service
| [1026846] Apache Wicket Discloses Hidden Application Files to Remote Users
| [1026839] Apache Wicket Input Validation Flaw in 'wicket:pageMapName' Parameter Permits Cross-Site Scripting Attacks
| [1026616] Apache Bugs Let Remote Users Deny Service and Obtain Cookie Data
| [1026575] Apache Struts ParameterInterceptor() Flaw Lets Remote Users Execute Arbitrary Commands
| [1026484] Apache Struts Bug Lets Remote Users Overwrite Files and Execute Arbitrary Code
| [1026477] Apache Tomcat Hash Table Collision Bug Lets Remote Users Deny Service
| [1026402] Apache Struts Conversion Error Lets Remote Users Inject Arbitrary Commands
| [1026353] Apache mod_proxy/mod_rewrite Bug Lets Remote Users Access Internal Servers
| [1026295] Apache Tomcat Lets Untrusted Web Applications Gain Elevated Privileges
| [1026267] Apache .htaccess File Integer Overflow Lets Local Users Execute Arbitrary Code
| [1026144] Apache mod_proxy Pattern Matching Bug Lets Remote Users Access Internal Servers
| [1026095] Apache Tomcat HTTP DIGEST Authentication Weaknesses Let Remote Users Conduct Bypass Attacks
| [1026054] Apache mod_proxy_ajp HTTP Processing Error Lets Remote Users Deny Service
| [1025993] Apache Tomcat AJP Protocol Processing Bug Lets Remote Users Bypass Authentication or Obtain Information
| [1025976] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
| [1025960] Apache httpd Byterange Filter Processing Error Lets Remote Users Deny Service
| [1025925] Apache Tomcat Commons Daemon jsvc Lets Local Users Gain Elevated Privileges
| [1025924] Apache Tomcat XML Validation Flaw Lets Applications Obtain Potentially Sensitive Information
| [1025788] Apache Tomcat Lets Malicious Applications Obtain Information and Deny Service
| [1025755] Apache Santuario Buffer Overflow Lets Remote Users Deny Service
| [1025712] Apache Tomcat Discloses Passwords to Local Users in Certain Cases
| [1025577] Apache Archiva Input Validation Hole Permits Cross-Site Scripting Attacks
| [1025576] Apache Archiva Request Validation Flaw Permits Cross-Site Request Forgery Attacks
| [1025527] Apache APR Library apr_fnmatch() Flaw Lets Remote Users Execute Arbitrary Code
| [1025303] Apache Tomcat HTTP BIO Connector Error Discloses Information From Different Requests to Remote Users
| [1025215] Apache Tomcat May Ignore @ServletSecurity Annotation Protections
| [1025066] Apache Continuum Input Validation Flaw Permits Cross-Site Request Forgery Attacks
| [1025065] Apache Continuum Input Validation Hole Permits Cross-Site Scripting Attacks
| [1025027] Apache Tomcat maxHttpHeaderSize Parsing Error Lets Remote Users Deny Service
| [1025026] Apache Tomcat Manager Input Validation Hole Permits Cross-Site Scripting Attacks
| [1025025] Apache Tomcat Security Manager Lets Local Users Bypass File Permissions
| [1024764] Apache Tomcat Manager Input Validation Hole in 'sessionList.jsp' Permits Cross-Site Scripting Attacks
| [1024417] Apache Traffic Server Insufficient Randomization Lets Remote Users Poison the DNS Cache
| [1024332] Apache mod_cache and mod_dav Request Processing Flaw Lets Remote Users Deny Service
| [1024180] Apache Tomcat 'Transfer-Encoding' Header Processing Flaw Lets Remote Users Deny Service and Obtain Potentially Sensitive Information
| [1024096] Apache mod_proxy_http May Return Results for a Different Request
| [1023942] Apache mod_proxy_ajp Error Condition Lets Remote Users Deny Service
| [1023941] Apache ap_read_request() Memory Error May Let Remote Users Access Potentially Sensitive Information
| [1023778] Apache ActiveMQ Input Validation Flaw Permits Cross-Site Scripting Attacks
| [1023701] Apache mod_isapi Error Processing Flaw May Let Remote Users Deny Service
| [1023533] Apache mod_proxy Integer Overflow May Let Remote Users Execute Arbitrary Code
| [1022988] Apache Solaris Support Code Bug Lets Remote Users Deny Service
| [1022529] Apache mod_deflate Connection State Bug Lets Remote Users Deny Service
| [1022509] Apache mod_proxy stream_reqbody_cl() Infinite Loop Lets Remote Users Deny Service
| [1022296] Apache IncludesNoExec Options Restrictions Can Be Bypass By Local Users
| [1022264] Apache mod_proxy_ajp Bug May Disclose Another User's Response Data
| [1022001] Apache Tomcat mod_jk May Disclose Responses to the Wrong User
| [1021988] mod_perl Input Validation Flaw in Apache::Status and Apache2::Status Permits Cross-Site Scripting Attacks
| [1021350] NetWare Bug Lets Remote Users Access the ApacheAdmin Console
| [1020635] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
| [1020520] Oracle WebLogic Apache Connector Lets Remote Users Execute Arbitrary Code
| [1020267] Apache mod_proxy Interim Response Process Bug Lets Remote Users Deny Service
| [1019784] Apache-SSL Certificate Processing Bug May Let Remote Users View Portions of Kernel Memory
| [1019256] Apache mod_negotiation Input Validation Hole Permits Cross-Site Scripting Attacks
| [1019194] Apache Input Validation Hole in Mod_AutoIndex When the Character Set is Undefined May Permit Cross-Site Scripting Attacks
| [1019185] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
| [1019154] Apache Input Validation Hole in mod_status Permits Cross-Site Scripting Attacks
| [1019093] Apache Input Validation Hole in mod_imap Permits Cross-Site Scripting Attacks
| [1019030] Apache Input Validation Hole in Default HTTP 413 Error Page Permits Cross-Site Scripting Attacks
| [1018633] Apache mod_proxy Bug Lets Remote Users Deny Service
| [1018304] Apache HTTPD scoreboard Protection Flaw Lets Local Users Terminate Arbitrary Processes
| [1018303] Apache HTTPD mod_cache May Let Remote Users Deny Service
| [1018302] Apache mod_status Input Validation Hole Permits Cross-Site Scripting Attacks
| [1018269] Apache Tomcat Input Validation Hole in Processing Accept-Language Header Permits Cross-Site Scripting Attacks
| [1017904] Apache suEXEC Bugs May Let Local Users Gain Elevated Privileges
| [1017719] Apache Tomcat JK Web Server Connector Buffer Overflow in map_uri_to_worker() Lets Remote Users Execute Arbitrary Code
| [1017062] Apache mod_tcl Format String Bug in set_var() Function May Let Remote Users Execute Arbitrary Code
| [1016601] Apache mod_rewrite Off-by-one Error Lets Remote Users Execute Arbitrary Code
| [1016576] Apache Tomcat Discloses Directory Listings to Remote Users
| [1015447] Apache mod_ssl Null Pointer Dereference May Let Remote Users Deny Service
| [1015344] Apache mod_imap Input Validation Flaw in Referer Field Lets Remote Users Conduct Cross-Site Scripting Attacks
| [1015093] Apache Memory Leak in MPM 'worker.c' Code May Let Remote Users Deny Service
| [1014996] ApacheTop Unsafe Temporary File May Let Local Users Gain Elevated Privileges
| [1014833] Apache ssl_hook_Access() Function May Fail to Verify Client Certificates
| [1014826] Apache Memory Leak in 'byterange filter' Lets Remote Users Deny Service
| [1014575] Apache mod_ssl Off-by-one Buffer Overflow in Processing CRLs May Let Remote Users Deny Service
| [1014323] Apache Chunked Transfer-Encoding and Content-Length Processing Lets Remote Users Smuggle HTTP Requests
| [1013156] Apache mod_python Publisher Handler Discloses Information to Remote Users
| [1012829] Apache mod_auth_radius radcpy() Integer Overflow Lets Remote Users Deny Service in Certain Cases
| [1012416] Apache on Apple OS X Lets Remote Users Bypass Apache File Handlers and Directly Access Files
| [1012415] Apache on Apple HFS+ Filesystems May Disclose '.DS_Store' Files to Remote Users
| [1012414] Apache mod_digest_apple Lets Remote Users Replay Authentication Credentials
| [1012083] Apache Web Server Error in Processing Requests With Many Space Characters Lets Remote Users Deny Service
| [1011783] Apache mod_include Buffer Overflow Lets Local Users Execute Arbitrary Code
| [1011557] Apache mod_ssl SSLCipherSuite Directive Can By Bypassed in Certain Cases
| [1011385] Apache Satsify Directive Error May Let Remote Users Access Restricted Resources
| [1011340] Apache SSL Connection Abort State Error Lets Remote Users Deny Service
| [1011303] Apache ap_resolve_env() Buffer Overflow in Reading Configuration Files May Let Local Users Gain Elevated Privileges
| [1011299] Apache IPv6 Address Parsing Flaw May Let Remote Users Deny Service
| [1011248] Apache mod_dav LOCK Method Error May Let Remote Users Deny Service
| [1011213] Apache mod_ssl Can Be Crashed By Remote Users When Reverse Proxying SSL Connections
| [1010674] Apache Can Be Crashed By PHP Code Invoking Nested Remote Sockets
| [1010599] Apache httpd Header Line Memory Allocation Lets Remote Users Crash the Server
| [1010462] Apache mod_proxy Buffer Overflow May Let Remote Users Execute Arbitrary Code
| [1010322] Apache mod_ssl Stack Overflow in ssl_util_uuencode_binary() May Let Remote Users Execute Arbitrary Code
| [1010270] cPanel Apache mod_phpsuexec Options Let Local Users Gain Elevated Privileges
| [1009934] Apache Web Server Has Buffer Overflow in ebcdic2ascii() on Older Processor Architectures
| [1009516] Apache mod_survey HTML Report Format Lets Remote Users Conduct Cross-Site Scripting Attacks
| [1009509] Apache mod_disk_cache Stores Authentication Credentials on Disk
| [1009495] Apache Web Server Socket Starvation Flaw May Let Remote Users Deny Service
| [1009417] GroupWise WebAccess With Apache on NetWare Has Configuration Flaw That May Grant Web Access to Remote Users
| [1009338] Apache mod_access Parsing Flaw May Fail to Enforce Allow/Deny Rules
| [1009337] Apache mod_ssl Memory Leak Lets Remote Users Crash the Daemon
| [1009182] Apache for Cygwin '..%5C' Input Validation Flaw Discloses Files to Remote Users
| [1008973] PHP May Apply Incorrect php_admin_* Settings To Requests for Apache Virtual Hosts
| [1008967] Apache-SSL 'SSLFakeBasicAuth' Lets Remote Users Forge Client Certificates to Be Authenticated
| [1008920] Apache mod_digest May Validate Replayed Client Responses
| [1008828] Apache mod_python String Processing Bug Still Lets Remote Users Crash the Web Server
| [1008822] Apache mod_perl File Descriptor Leak May Let Local Users Hijack the http and https Services
| [1008675] mod_auth_shadow Apache Module Authenticates Expired Passwords
| [1008559] Apache mod_php File Descriptor Leak May Let Local Users Hijack the https Service
| [1008335] Apache mod_python String Processing Bug Lets Remote Users Crash the Web Server
| [1008196] Apache 2.x on Windows May Return Unexpected Files For URLs Ending With Certain Characters
| [1008030] Apache mod_rewrite Contains a Buffer Overflow
| [1008029] Apache mod_alias Contains a Buffer Overflow
| [1008028] Apache mod_cgid May Disclose CGI Output to Another Client
| [1007995] Apache Cocoon Forms May Let Remote Users Execute Arbitrary Java Code on the System
| [1007993] Apache Cocoon 'view-source' Sample Script Discloses Files to Remote Users
| [1007823] Apache Web Server mod_cgi Error May Let Malicious CGI Scripts Crash the Web Service
| [1007664] Apache::Gallery Unsafe Temporary Files May Let Local Users Gain Apache Web Server Privileges
| [1007557] Apache Web Server Does Not Filter Terminal Escape Sequences From Log Files
| [1007230] Apache HTTP Server 'rotatelogs' Bug on Win32 and OS/2 May Cause the Logging to Stop
| [1007146] Apache HTTP Server FTP Proxy Bug May Cause Denial of Service Conditions
| [1007145] Apache 'accept()' Errors May Cause Denial of Service Conditions
| [1007144] Apache Web Server 'type-map' File Error Permits Local Denial of Service Attacks
| [1007143] Apache 2.0 Web Server May Use a Weaker Encryption Implementation Than Specified in Some Cases
| [1006864] Apache Web Server Can Be Crashed By Remote Users Via mod_dav Flaws and Also Via Basic Authentication
| [1006709] Apache mod_survey Input Validation Flaw Lets Remote Users Fill Up Disk Space
| [1006614] Apache mod_ntlm Buffer Overflow and Format String Flaw Let Remote Users Execute Arbitary Code
| [1006591] Apache mod_access_referer Module Null Pointer Dereference May Faciliate Denial of Service Attacks
| [1006444] Apache 2.0 Web Server Line Feed Buffer Allocation Flaw Lets Remote Users Deny Service
| [1006021] Apache Tomcat Server URL Parsing Error May Disclose Otherwise Inaccessible Web Directory Listings and Files to Remote Users
| [1005963] Apache Web Server 2.x Windows Device Access Flaw Lets Remote Users Crash the Server or Possibly Execute Arbitrary Code
| [1005962] Apache Web Server Path Parsing Flaw May Allow Remote Users to Execute Code in Certain Configurations
| [1005848] Apache 'printenv' Script Input Validation Bugs in Older Versions May Let Remote Users Conduct Cross-Site Scripting Attacks
| [1005765] Apache mod_jk Module Processing Bug When Used With Tomcat May Disclose Information to Remote Users or Crash
| [1005548] Apache mod_php Module May Allow Local Users to Gain Control of the Web Port
| [1005499] Apache Web Server (2.0.42) May Disclose CGI Source Code to Remote Users When Used With WebDAV
| [1005410] Apache Tomcat Java Servlet Engine Can Be Crashed Via Multiple Requests for DOS Device Names
| [1005351] Apache Web Server (1.3.x) Shared Memory Scoreboard Bug Lets Certain Local Users Issue Signals With Root Privileges
| [1005331] Apache Web Server (2.x) SSI Server Signature Filtering Hole Lets Remote Users Conduct Cross-Site Scripting Attacks
| [1005290] Apache Tomcat Java Server Default Servlet Returns JSP Source Code to Remote Users
| [1005285] Apache Web Server 'mod_dav' Has Null Pointer Bug That May Allow Remote Users to Cause Denial of Service Conditions
5553| [1005010] Apache Web Server (2.0) Has Unspecified Flaw That Allows Remote Users to Obtain Sensitive Data and Cause Denial of Service Conditions
5554| [1004770] Apache 2.x Web Server ap_log_rerror() Function May Disclose Full Installation Path to Remote Users
5555| [1004745] Apache Tomcat Java Server Allows Cross-Site Scripting Attacks
5556| [1004636] Apache mod_ssl 'Off-by-One' Bug May Let Local Users Crash the Web Server or Possibly Execute Arbitrary Code
5557| [1004602] Apache Tomcat Java Server for Windows Can Be Crashed By Remote Users Sending Malicious Requests to Hang All Available Working Threads
5558| [1004586] Apache Tomcat Java Server May Disclose the Installation Path to Remote Users
5559| [1004555] Apache Web Server Chunked Encoding Flaw May Let Remote Users Execute Arbitrary Code on the Server
5560| [1004209] Apache 'mod_python' Python Language Interpreter Bug in Publisher Handler May Allow Remote Users to Modify Files on the System
5561| [1003874] Apache Web Server for Windows Has Batch File Processing Hole That Lets Remote Users Execute Commands on the System
5562| [1003767] 'mod_frontpage' Module for Apache Web Server Has Buffer Overlow in 'fpexec.c' That Allows Remote Users to Execute Arbitrary Code on the System with Root Privileges
5563| [1003723] Apache-SSL for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
5564| [1003664] 'mod_ssl' Security Package for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
5565| [1003602] GNUJSP Java Server Pages Implementation Discloses Web Files and Source Code to Remote Users and Bypasses Apache Access Control Restrictions
5566| [1003465] PHP for Apache Web Server May Disclose Installation Path Information to Remote Users Making 'OPTIONS' Requests
5567| [1003451] Oracle Application Server PL/SQL Module for Apache Has Buffer Overflows That Allow Remote Users to Execute Arbitrary Code and Gain Access to the Server
5568| [1003131] Apache Web Server in Virtual Hosting Mode Can Be Crashed By a Local User Removing a Log Directory
5569| [1003104] PHP.EXE Windows CGI for Apache Web Server May Let Remote Users View Files on the Server Due to Configuration Error
5570| [1003008] Apache 'mod_bf' Module Lets Remote Users Execute Arbitrary Code
5571| [1002629] Apache suEXEC Wrapper Fails to Observe Minimum Group ID Security Settings in Certain Situations
5572| [1002542] Apache Web Server Virtual Hosting Split-Logfile Function Lets Remote Users Write Log Entries to Arbitrary Files on the System
5573| [1002400] Apache mod_gzip Module Has Buffer Overflow That Can Be Exploited By Local Users to Gain Elevated Privileges
5574| [1002303] Several 3rd Party Apache Authentication Modules Allow Remote Users to Execute Arbitrary Code to Gain Access to the System or Execute Stored Procedures to Obtain Arbitrary Database Information
5575| [1002188] Apache Web Server Discloses Internal IP Addresses to Remote Users in Certain Configurations
5576| [1001989] Apache Web Server May Disclose Directory Contents Even If an Index.html File is Present in the Directory
5577| [1001719] Apache Web Server on Mac OS X Client Fails to Enforce File and Directory Access Protections, Giving Remote Users Access to Restricted Pages
5578| [1001572] Apache Web Server on Microsoft Windows Platforms Allows Remote Users to Crash the Web Server
5579| [1001304] Apache Web Server for Windows Lets Remote Users Crash the Web Server Application
5580| [1001083] Apache Web Server May Display Directory Index Listings Even if Directory Listings Are Disabled
5581|
5582| OSVDB - http://www.osvdb.org:
5583| [96078] Apache CloudStack Infrastructure Menu Setup Network Multiple Field XSS
5584| [96077] Apache CloudStack Global Settings Multiple Field XSS
5585| [96076] Apache CloudStack Instances Menu Display Name Field XSS
5586| [96075] Apache CloudStack Instances Menu Add Instances Network Name Field XSS
5587| [96074] Apache CloudStack Instances Menu Add Instances Review Step Multiple Field XSS
5588| [96031] Apache HTTP Server suEXEC Symlink Arbitrary File Access
5589| [95888] Apache Archiva Single / Double Quote Character Handling XSS Weakness
5590| [95885] Apache Subversion mod_dav_svn Module Crafted HTTP Request Handling Remote DoS
5591| [95706] Apache OpenOffice.org (OOo) OOXML Document File XML Element Handling Memory Corruption
5592| [95704] Apache OpenOffice.org (OOo) DOC File PLCF Data Handling Memory Corruption
5593| [95603] Apache Continuum web/util/GenerateRecipentNotifier.java recipient Parameter XSS
5594| [95602] Apache Continuum web/action/notifier/JabberProjectNotifierEditAction-jabberProjectNotifierSave-validation.xml Multiple Parameter XSS
5595| [95601] Apache Continuum web/action/notifier/JabberGroupNotifierEditAction-jabberProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
5596| [95600] Apache Continuum web/action/ScheduleAction-saveSchedule-validation.xml Multiple Parameter XSS
5597| [95599] Apache Continuumweb/action/BuildDefinitionAction-saveBuildDefinition-validation.xml Multiple Parameter XSS
5598| [95598] Apache Continuum web/action/AddProjectAction-addProject-validation.xml Multiple Parameter XSS
5599| [95597] Apache Continuum web/action/ProjectEditAction-projectSave-validation.xml Multiple Parameter XSS
5600| [95596] Apache Continuum web/action/notifier/IrcGroupNotifierEditAction-ircProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
5601| [95595] Apache Continuum web/action/notifier/IrcProjectNotifierEditAction-ircProjectNotifierSave-validation.xml Multiple Parameter XSS
5602| [95594] Apache Continuum web/action/ProjectGroupAction.java Multiple Parameter XSS
5603| [95593] Apache Continuum web/action/AddProjectGroupAction.java Multiple Parameter XSS
5604| [95592] Apache Continuum web/action/AddProjectAction.java Multiple Parameter XSS
5605| [95523] Apache OFBiz Webtools Application View Log Screen Unspecified XSS
5606| [95522] Apache OFBiz Nested Expression Evaluation Arbitrary UEL Function Execution
5607| [95521] Apache HTTP Server mod_session_dbd Session Saving Unspecified Issue
5608| [95498] Apache HTTP Server mod_dav.c Crafted MERGE Request Remote DoS
5609| [95406] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Arbitrary Site Redirect
5610| [95405] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Remote Code Execution
5611| [95011] Apache CXF XML Parser SOAP Message Handling CPU Resource Exhaustion Remote DoS
5612| [94705] Apache Geronimo RMI Classloader Exposure Serialized Object Handling Remote Code Execution
5613| [94651] Apache Santuario (XML Security for C++) XML Signature CanonicalizationMethod Parameter Spoofing Weakness
5614| [94636] Apache Continuum workingCopy.action userDirectory Traversal Arbitrary File Access
5615| [94635] Apache Maven SCM SvnCommandlineUtils Process Listing Local Password Disclosure
5616| [94632] Apache Maven Wagon SSH (wagon-ssh) Host Verification Failure MitM Weakness
5617| [94625] Apache Santuario (XML Security for C++) XML Signature Reference Crafted XPointer Expression Handling Heap Buffer Overflow
5618| [94618] Apache Archiva /archiva/security/useredit.action username Parameter XSS
5619| [94617] Apache Archiva /archiva/security/roleedit.action name Parameter XSS
5620| [94616] Apache Archiva /archiva/security/userlist!show.action roleName Parameter XSS
5621| [94615] Apache Archiva /archiva/deleteArtifact!doDelete.action groupId Parameter XSS
5622| [94614] Apache Archiva /archiva/admin/addLegacyArtifactPath!commit.action legacyArtifactPath.path Parameter XSS
5623| [94613] Apache Archiva /archiva/admin/addRepository.action Multiple Parameter XSS
5624| [94612] Apache Archiva /archiva/admin/editAppearance.action Multiple Parameter XSS
5625| [94611] Apache Archiva /archiva/admin/addLegacyArtifactPath.action Multiple Parameter XSS
5626| [94610] Apache Archiva /archiva/admin/addNetworkProxy.action Multiple Parameter XSS
5627| [94403] Apache Santuario (XML Security for C++) InclusiveNamespace PrefixList Processing Heap Overflow
5628| [94402] Apache Santuario (XML Security for C++) HMAC-based XML Signature Processing DoS
5629| [94401] Apache Santuario (XML Security for C++) XPointer Evaluation Stack Overflow
5630| [94400] Apache Santuario (XML Security for C++) HMAC-Based XML Signature Reference Element Validation Spoofing Weakness
5631| [94279] Apache Qpid CA Certificate Validation Bypass
5632| [94275] Apache Solr JettySolrRunner.java Can Not Find Error Message XSS
5633| [94233] Apache OpenJPA Object Deserialization Arbitrary Executable Creation
5634| [94042] Apache Axis JAX-WS Java Unspecified Exposure
5635| [93969] Apache Struts OGNL Expression Handling Double Evaluation Error Remote Command Execution
5636| [93796] Apache Subversion Filename Handling FSFS Repository Corruption Remote DoS
5637| [93795] Apache Subversion svnserve Server Aborted Connection Message Handling Remote DoS
5638| [93794] Apache Subversion contrib/hook-scripts/check-mime-type.pl svnlook Hyphenated argv Argument Handling Remote DoS
5639| [93793] Apache Subversion contrib/hook-scripts/svn-keyword-check.pl Filename Handling Remote Command Execution
5640| [93646] Apache Struts Crafted Parameter Arbitrary OGNL Code Execution
5641| [93645] Apache Struts URL / Anchor Tag includeParams Attribute Remote Command Execution
5642| [93636] Apache Pig Multiple Physical Operator Memory Exhaustion Remote Remote DoS
5643| [93635] Apache Wink DTD (Document Type Definition) Expansion Data Parsing Information Disclosure
5644| [93605] RT Apache::Session::File Session Replay Reuse Information Disclosure
5645| [93599] Apache Derby SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY Boot Password Manipulation Re-encryption Failure Password Corruption
5646| [93555] Apache Commons Codec Invalid Base32 String Information Tunneling Weakness
5647| [93554] Apache HBase bulkLoadHFiles() Method ACL Bypass
5648| [93543] JBoss Enterprise Application Platform org.apache.catalina.connector.Response.encodeURL() Method MitM jsessionid Disclosure
5649| [93542] Apache ManifoldCF (Connectors Framework) org.apache.manifoldcf.crawler.ExportConfiguration Class Configuration Export Password Disclosure
5650| [93541] Apache Solr json.wrf Callback XSS
5651| [93524] Apache Hadoop GetSecurityDescriptorControl() Function Absolute Security Descriptor Handling NULL Descriptor Weakness
5652| [93521] Apache jUDDI Security API Token Session Persistence Weakness
5653| [93520] Apache CloudStack Default SSL Key Weakness
5654| [93519] Apache Shindig /ifr Cross-site Arbitrary Gadget Invocation
5655| [93518] Apache Solr /admin/analysis.jsp name Parameter XSS
5656| [93517] Apache CloudStack setup-cloud-management /etc/sudoers Modification Local Privilege Escalation
5657| [93516] Apache CXF UsernameTokenInterceptor Nonce Caching Replay Weakness
5658| [93515] Apache HBase table.jsp name Parameter XSS
5659| [93514] Apache CloudStack Management Server Unauthenticated Remote JMX Connection Default Setting Weakness
5660| [93463] Apache Struts EL / OGNL Interpretation Unspecified Remote Code Execution
5661| [93462] Apache CXF WS-SecurityPolicy AlgorithmSuite Arbitrary Ciphertext Decryption Weakness
5662| [93401] Apache Hadoop core-site.xml Permission Weakness Local Alfredo Secret Disclosure
5663| [93400] Apache Hadoop Map/Reduce Job Log Directory Symlink Arbitrary File Mode Manipulation
5664| [93397] Apache Wicket Referrer HTTP Header Session ID Disclosure
5665| [93366] Apache HTTP Server modules/mappers/mod_rewrite.c do_rewritelog() Function Log File Terminal Escape Sequence Filtering Remote Command Execution
5666| [93254] Apache Tomcat AsyncListener Method Cross-session Information Disclosure
5667| [93253] Apache Tomcat Chunked Transfer Encoding Data Saturation Remote DoS
5668| [93252] Apache Tomcat FORM Authenticator Session Fixation
5669| [93172] Apache Camel camel/endpoints/ Endpoint XSS
5670| [93171] Apache Sling HtmlResponse Error Message XSS
5671| [93170] Apache Directory DelegatingAuthenticator MitM Spoofing Weakness
5672| [93169] Apache Wave AuthenticationServlet.java Session Fixation Weakness
5673| [93168] Apache Click ErrorReport.java id Parameter XSS
5674| [93167] Apache ActiveMQ JMSXUserId Spoofing Weakness
5675| [93166] Apache CXF Crafted Message Element Count Handling System Resource Exhaustion Remote DoS
5676| [93165] Apache CXF Crafted Message Element Level Handling System Resource Exhaustion Remote DoS
5677| [93164] Apache Harmony DatagramSocket Class connect Method CheckAccept() IP Blacklist Bypass
5678| [93163] Apache Hadoop Map/Reduce Daemon Symlink Arbitrary File Overwrite
5679| [93162] Apache VelocityStruts struts/ErrorsTool.getMsgs Error Message XSS
5680| [93161] Apache CouchDB Rewriter VM Atom Table Memory Exhaustion Remote DoS
5681| [93158] Apache Wicket BookmarkablePageLink Feature XSS CSRF
5682| [93157] Apache Struts UrlHelper.java s:url includeParams Functionality XSS
5683| [93156] Apache Tapestry Calendar Component datefield.js datefield Parameter XSS
5684| [93155] Apache Struts fielderror.ftl fielderror Parameter Error Message XSS
5685| [93154] Apache JSPWiki Edit.jsp createPages WikiPermission Bypass
5686| [93153] Apache PDFBox PDFXrefStreamParser Missing Element Handling PDF Parsing DoS
5687| [93152] Apache Hadoop HttpServer.java Multiple Function XSS
5688| [93151] Apache Shiro Search Filter userName Parameter LDAP Code Injection Weakness
5689| [93150] Apache Harmony java.net.SocketPermission Class boolean equals Function checkConnect() Weakness Host Name Retrieval
5690| [93149] Apache Harmony java.security.Provider Class void load Function checkSecurityAccess() Weakness
5691| [93148] Apache Harmony java.security.ProtectionDomain Class java.lang.String.toString() Function checkPermission() Weakness
5692| [93147] Apache Harmony java.net.URLConnection openConnection Function checkConnect Weakness Proxy Connection Permission Bypass
5693| [93146] Apache Harmony java.net.ServerSocket Class void implAccept Function checkAccept() Weakness SerSocket Subclass Creation
5694| [93145] Apache Qpid JMS Client Detached Session Frame Handling NULL Pointer Dereference Remote DoS
5695| [93144] Apache Solr Admin Command Execution CSRF
5696| [93009] Apache VCL XMLRPC API Unspecified Function Remote Privilege Escalation
5697| [93008] Apache VCL Web GUI Unspecified Remote Privilege Escalation
5698| [92997] Apache Commons Codec org.apache.commons.codec.net.URLCodec Fields Missing 'final' Thread-safety Unspecified Issue
5699| [92976] Apache ActiveMQ scheduled.jsp crontab Command XSS
5700| [92947] Apache Commons Codec org.apache.commons.codec.language.Soundex.US_ENGLISH_MAPPING Missing MS_PKGPROTECT Field Manipulation Unspecified Issue
5701| [92749] Apache CloudStack Predictable Hash Virtual Machine Console Console Access URL Generation
5702| [92748] Apache CloudStack VM Console Access Restriction Bypass
5703| [92709] Apache ActiveMQ Web Console Unauthenticated Remote Access
5704| [92708] Apache ActiveMQ Sample Web Application Broker Resource Consumption Remote DoS
5705| [92707] Apache ActiveMQ webapp/websocket/chat.js Subscribe Message XSS
5706| [92706] Apache ActiveMQ Debug Log Rendering XSS
5707| [92705] Apache ActiveMQ PortfolioPublishServlet.java refresh Parameter XSS
5708| [92270] Apache Tomcat Unspecified CSRF
5709| [92094] Apache Subversion mod_dav_svn Module Nonexistent URL Lock Request Handling NULL Pointer Dereference Remote DoS
5710| [92093] Apache Subversion mod_dav_svn Module Activity URL PROPFIND Request Handling NULL Pointer Dereference Remote DoS
5711| [92092] Apache Subversion mod_dav_svn Module Log REPORT Request Handling NULL Pointer Dereference Remote DoS
5712| [92091] Apache Subversion mod_dav_svn Module Node Property Handling Resource Exhaustion Remote DoS
5713| [92090] Apache Subversion mod_dav_svn Module Activity URL Lock Request Handling NULL Pointer Dereference Remote DoS
5714| [91774] Apache Commons Codec Unspecified Non-private Field Manipulation Weakness
5715| [91628] mod_ruid2 for Apache HTTP Server fchdir() Inherited File Descriptor chroot Restriction Bypass
5716| [91328] Apache Wicket $up$ Traversal Arbitrary File Access
5717| [91295] Apple Mac OS X Apache Unicode Character URI Handling Authentication Bypass
5718| [91235] Apache Rave /app/api/rpc/users/get User Object Hashed Password Remote Disclosure
5719| [91185] Munin Default Apache Configuration Permission Weakness Remote Information Disclosure
5720| [91173] Apache Wicket WebApplicationPath Constructor Bypass /WEB-INF/ Directory File Access
5721| [91172] Apache Wicket PackageResourceGuard File Extension Filter Bypass
5722| [91025] Apache Qpid qpid::framing::Buffer Class Multiple Method Out-of-bounds Access Remote DoS
5723| [91024] Apache Qpid federation_tag Attribute Handling Federated Interbroker Link Access Restriction Bypass
5724| [91023] Apache Qpid AMQP Type Decoder Exposure Array Size Value Handling Memory Consumption Remote DoS
5725| [91022] Apache Qpid qpid/cpp/include/qpid/framing/Buffer.h qpid::framing::Buffer::checkAvailable() Function Integer Overflow
5726| [90986] Apache Jena ARQ INSERT DATA Request Handling Overflow
5727| [90907] Apache Subversion mod_dav_svn / libsvn_fs svn_fs_file_length() Function MKACTIVITY / PROPFIND Option Request Handling Remote DoS
5728| [90906] Apache Commons FileUpload /tmp Storage Symlink Arbitrary File Overwrite
5729| [90864] Apache Batik 1xx Redirect Script Origin Restriction Bypass
5730| [90858] Apache Ant Malformed TAR File Handling Infinite Loop DoS
5731| [90852] Apache HTTP Server for Debian apachectl /var/lock Permission Weakness Symlink Directory Permission Manipulation
5732| [90804] Apache Commons CLI Path Subversion Local Privilege Escalation
5733| [90802] Apache Avro Recursive Schema Handling Infinite Recursion DoS
5734| [90592] Apache Batik ApplicationSecurityEnforcer.java Multiple Method Security Restriction Bypass
5735| [90591] Apache Batik XML External Entity (XXE) Data Parsing Arbitrary File Disclosure
5736| [90565] Apache Tomcat Log Directory Permission Weakness Local Information Disclosure
5737| [90564] Apache Maven / Maven Wagon SSL Certificate Validation MitM Spoofing Weakness
5738| [90557] Apache HTTP Server mod_proxy_balancer balancer-manager Interface Multiple Parameter XSS
5739| [90556] Apache HTTP Server Multiple Module Multiple Parameter XSS
5740| [90276] Apache Axis2 axis2.xml Plaintext Password Local Disclosure
5741| [90249] Apache Axiom ClassLoader XMLInputFactory / XMLOutputFactory Construction Unspecified Issue
5742| [90235] Apache Commons HttpClient Certificate Wildcard Matching Weakness
5743| [90079] Apache CXF WSS4JInInterceptor URIMappingInterceptor WS-Security SOAP Service Access Restriction Bypass
5744| [90078] Apache CXF WS-SecurityPolicy Enabled Plaintext UsernameTokens Handling Authentication Bypass
5745| [89453] Apache Open For Business Project (OFBiz) Screenlet.title Widget Attribute XSS
5746| [89452] Apache Open For Business Project (OFBiz) Image.alt Widget Attribute XSS
5747| [89294] Apache CouchDB Futon UI Browser-based Test Suite Query Parameter XSS
5748| [89293] Apache CouchDB Unspecified Traversal Arbitrary File Access
5749| [89275] Apache HTTP Server mod_proxy_ajp Module Expensive Request Parsing Remote DoS
5750| [89267] Apache CouchDB JSONP Callback Handling Unspecified XSS
5751| [89146] Apache CloudStack Master Server log4j.conf SSH Private Key / Plaintext Password Disclosure
5752| [88603] Apache OpenOffice.org (OOo) Unspecified Information Disclosure
5753| [88602] Apache OpenOffice.org (OOo) Unspecified Manifest-processing Issue
5754| [88601] Apache OpenOffice.org (OOo) Unspecified PowerPoint File Handling Issue
5755| [88285] Apache Tomcat Partial HTTP Request Saturation Remote DoS
5756| [88095] Apache Tomcat NIO Connector Terminated Connection Infinte Loop DoS
5757| [88094] Apache Tomcat FORM Authentication Crafted j_security_check Request Security Constraint Bypass
5758| [88093] Apache Tomcat Null Session Requst CSRF Prevention Filter Bypass
5759| [88043] IBM Tivoli Netcool/Reporter Apache CGI Unspecified Remote Command Execution
5760| [87580] Apache Tomcat DIGEST Authentication Session State Caching Authentication Bypass Weakness
5761| [87579] Apache Tomcat DIGEST Authentication Stale Nonce Verification Authentication Bypass Weakness
5762| [87477] Apache Tomcat Project Woodstock Service Error Page UTF-7 XSS Weakness
5763| [87227] Apache Tomcat InternalNioInputBuffer.java parseHeaders() Function Request Header Size Parsing Remote DoS
5764| [87223] Apache Tomcat DIGEST Authentication replay-countermeasure Functionality cnonce / cn Verification Authentication Bypass Weakness
5765| [87160] Apache Commons HttpClient X.509 Certificate Domain Name Matching MiTM Weakness
5766| [87159] Apache CXF X.509 Certificate Domain Name Matching MiTM Weakness
5767| [87150] Apache Axis / Axis2 X.509 Certificate Domain Name Matching MiTM Weakness
5768| [86902] Apache HTTP Server 3xx Redirect Internal IP Address Remote Disclosure
5769| [86901] Apache Tomcat Error Message Path Disclosure
5770| [86684] Apache CloudStack Unauthorized Arbitrary API Call Invocation
5771| [86556] Apache Open For Business Project (OFBiz) Unspecified Issue
5772| [86503] Visual Tools VS home/apache/DiskManager/cron/init_diskmgr Local Command Execution
5773| [86401] Apache ActiveMQ ResourceHandler Traversal Arbitrary File Access
5774| [86225] Apache Axis2 XML Signature Wrapping (XSW) Authentication Bypass
5775| [86206] Apache Axis2 Crafted SAML Assertion Signature Exclusion Attack Authentication Bypass
5776| [85722] Apache CXF SOAP Request Parsing Access Restriction Bypass
5777| [85704] Apache Qpid Incoming Client Connection Saturation Remote DoS
5778| [85474] Eucalyptus Apache Santuario (XML Security for Java) Library XML Signature Transform Handling DoS
5779| [85430] Apache mod_pagespeed Module Unspecified XSS
5780| [85429] Apache mod_pagespeed Module Hostname Verification Cross-host Resource Disclosure
5781| [85249] Apache Wicket Unspecified XSS
5782| [85236] Apache Hadoop conf/hadoop-env.sh Temporary File Symlink Arbitrary File Manipulation
5783| [85090] Apache HTTP Server mod_proxy_ajp.c mod_proxy_ajp Module Proxy Functionality Cross-client Information Disclosure
5784| [85089] Apache HTTP Server mod_proxy_http.c mod_proxy_http Module Cross-client Information Disclosure
5785| [85062] Apache Solr Autocomplete Module for Drupal Autocomplete Results XSS
5786| [85010] Apache Struts Token Handling Mechanism Token Name Configuration Parameter CSRF Weakness
5787| [85009] Apache Struts Request Parameter OGNL Expression Parsing Remote DoS
5788| [84911] libapache2-mod-rpaf X-Forward-For HTTP Header Parsing Remote DoS
5789| [84823] Apache HTTP Server Multiple Module Back End Server Error Handling HTTP Request Parsing Remote Information Disclosure
5790| [84818] Apache HTTP Server mod_negotiation Module mod_negotiation.c make_variant_list Function XSS
5791| [84562] Apache Qpid Broker Authentication Mechanism AMQP Client Shadow Connection NullAuthenticator Request Parsing Authentication Bypass
5792| [84458] Apache Libcloud SSL Certificate Validation MitM Spoofing Weakness
5793| [84279] PHP on Apache php_default_post_reader POST Request Handling Overflow DoS
5794| [84278] PHP w/ Apache PDO::ATTR_DEFAULT_FETCH_MODE / PDO::FETCH_CLASS DoS
5795| [84231] Apache Hadoop DataNodes Client BlockTokens Arbitrary Block Access
5796| [83943] Oracle Solaris Cluster Apache Tomcat Agent Subcomponent Unspecified Local Privilege Escalation
5797| [83939] Oracle Solaris Apache HTTP Server Subcomponent Unspecified Remote Information Disclosure
5798| [83685] svnauthcheck Apache HTTP Configuration File Permission Revocation Weakness
5799| [83682] Apache Sling POST Servlet @CopyFrom Operation HTTP Request Parsing Infinite Loop Remote DoS
5800| [83339] Apache Roller Blogger Roll Unspecified XSS
5801| [83270] Apache Roller Unspecified Admin Action CSRF
5802| [82782] Apache CXF WS-SecurityPolicy 1.1 SupportingToken Policy Bypass
5803| [82781] Apache CXF WS-SecurityPolicy Supporting Token Children Specification Token Signing Verification Weakness
5804| [82611] cPanel Apache Piped Log Configuration Log Message Formatting Traversal Arbitrary File Creation
5805| [82436] MapServer for Windows Bundled Apache / PHP Configuration Local File Inclusion
5806| [82215] PHP sapi/cgi/cgi_main.c apache_request_headers Function HTTP Header Handling Remote Overflow
5807| [82161] Apache Commons Compress bzip2 File Compression BZip2CompressorOutputStream Class File Handling Remote DoS
5808| [81965] Apache Batik Squiggle SVG Browser JAR File Arbitrary Code Execution
5809| [81790] Apache POI src/org/apache/poi/hwpf/model/UnhandledDataStructure.java UnhandledDataStructure() constructor Length Attribute CDF / CFBF File Handling Remote DoS
5810| [81660] Apache Qpid Credential Checking Cluster Authentication Bypass
5811| [81511] Apache for Debian /usr/share/doc HTTP Request Parsing Local Script Execution
5812| [81359] Apache HTTP Server LD_LIBRARY_PATH Variable Local Privilege Escalation
5813| [81349] Apache Open For Business Project (OFBiz) Webslinger Component Unspecified XSS
5814| [81348] Apache Open For Business Project (OFBiz) Content IDs / Map-Keys Unspecified XSS
5815| [81347] Apache Open For Business Project (OFBiz) Parameter Arrays Unspecified XSS
5816| [81346] Apache Open For Business Project (OFBiz) checkoutProcess.js getServerError() Function Unspecified XSS
5817| [81196] Apache Open For Business Project (OFBiz) FlexibleStringExpander Nested Script String Parsing Remote Code Execution
5818| [80981] Apache Hadoop Kerberos/MapReduce Security Feature User Impersonation Weakness
5819| [80571] Apache Traffic Server Host HTTP Header Parsing Remote Overflow
5820| [80547] Apache Struts XSLTResult.java File Upload Arbitrary Command Execution
5821| [80360] AskApache Password Protector Plugin for WordPress Error Page $_SERVER Superglobal XSS
5822| [80349] Apache HTTP Server mod_fcgid Module fcgid_spawn_ctl.c FcgidMaxProcessesPerClass Virtual Host Directive HTTP Request Parsing Remote DoS
5823| [80301] Apache Wicket /resources/ Absolute Path Arbitrary File Access
5824| [80300] Apache Wicket wicket:pageMapName Parameter XSS
5825| [79478] Apache Solr Extension for TYPO3 Unspecified XSS
5826| [79002] Apache MyFaces javax.faces.resource In Parameter Traversal Arbitrary File Access
5827| [78994] Apache Struts struts-examples/upload/upload-submit.do name Parameter XSS
5828| [78993] Apache Struts struts-cookbook/processDyna.do message Parameter XSS
5829| [78992] Apache Struts struts-cookbook/processSimple.do message Parameter XSS
5830| [78991] Apache Struts struts2-rest-showcase/orders clientName Parameter XSS
5831| [78990] Apache Struts struts2-showcase/person/editPerson.action Multiple Parameter XSS
5832| [78932] Apache APR Hash Collision Form Parameter Parsing Remote DoS
5833| [78903] Apache CXF SOAP Request Parsing WS-Security UsernameToken Policy Bypass
5834| [78600] Apache Tomcat HTTP DIGEST Authentication DigestAuthenticator.java Catalina Weakness Security Bypass
5835| [78599] Apache Tomcat HTTP DIGEST Authentication Realm Value Parsing Security Bypass
5836| [78598] Apache Tomcat HTTP DIGEST Authentication qop Value Parsing Security Bypass
5837| [78573] Apache Tomcat Parameter Saturation CPU Consumption Remote DoS
5838| [78556] Apache HTTP Server Status Code 400 Default Error Response httpOnly Cookie Disclosure
5839| [78555] Apache HTTP Server Threaded MPM %{cookiename}C Log Format String Cookie Handling Remote DoS
5840| [78501] Apache Struts ParameterInterceptor Class OGNL Expression Parsing Remote Command Execution
5841| [78331] Apache Tomcat Request Object Recycling Information Disclosure
5842| [78293] Apache HTTP Server Scoreboard Invalid Free Operation Local Security Bypass
5843| [78277] Apache Struts ExceptionDelegator Component Parameter Parsing Remote Code Execution
5844| [78276] Apache Struts DebuggingInterceptor Component Developer Mode Unspecified Remote Command Execution
5845| [78113] Apache Tomcat Hash Collision Form Parameter Parsing Remote DoS
5846| [78112] Apache Geronimo Hash Collision Form Parameter Parsing Remote DoS
5847| [78109] Apache Struts ParameterInterceptor Traversal Arbitrary File Overwrite
5848| [78108] Apache Struts CookieInterceptor Cookie Name Handling Remote Command Execution
5849| [77593] Apache Struts Conversion Error OGNL Expression Injection
5850| [77496] Apache ActiveMQ Failover Mechanism Openwire Request Parsing Remote DoS
5851| [77444] Apache HTTP Server mod_proxy Mdule Web Request HTTP/0.9 Protocol URL Parsing Proxy Remote Security Bypass
5852| [77374] Apache MyFaces Java Bean includeViewParameters Parsing EL Expression Security Weakness
5853| [77310] Apache HTTP Server mod_proxy Reverse Proxy Mode Security Bypass Weakness (2011-4317)
5854| [77234] Apache HTTP Server on cygwin Encoded Traversal Arbitrary File Access
5855| [77012] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Memory Consumption DoS
5856| [76944] Apache Tomcat Manager Application Servlets Access Restriction Bypass
5857| [76744] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Overflow
5858| [76189] Apache Tomcat HTTP DIGEST Authentication Weakness
5859| [76079] Apache HTTP Server mod_proxy Mdule Web Request URL Parsing Proxy Remote Security Bypass (2011-3368)
5860| [76072] Apache JServ jserv.conf jserv-status Handler jserv/ URI Request Parsing Local Information Disclosure
5861| [75807] Apache HTTP Server Incomplete Header Connection Saturation Remote DoS
5862| [75647] Apache HTTP Server mod_proxy_ajp Module mod_proxy_balancer HTTP Request Remote DoS
5863| [75376] Apache Libcloud SSL Certificate Validation MitM Server Spoofing Weakness
5864| [74853] Domain Technologie Control /etc/apache2/apache2.conf File Permissions Weakness dtcdaemons User Password Disclosure
5865| [74818] Apache Tomcat AJP Message Injection Authentication Bypass
5866| [74725] Apache Wicket Multi Window Support Unspecified XSS
5867| [74721] Apache HTTP Server ByteRange Filter Memory Exhaustion Remote DoS
5868| [74541] Apache Commons Daemon Jsvc Permissions Weakness Arbitrary File Access
5869| [74535] Apache Tomcat XML Parser Cross-application Multiple File Manipulation
5870| [74447] Apache Struts XWork Nonexistent Method s:submit Element Internal Java Class Remote Path Disclosure
5871| [74262] Apache HTTP Server Multi-Processing Module itk.c Configuration Merger mpm-itk root UID / GID Remote Privilege Escalation
5872| [74120] Apache HTTP Server mod_authnz_external mysql/mysql-auth.pl user Field SQL Injection
5873| [73920] Oracle Secure Backup /apache/htdocts/php/common.php username Parameter Remote Code Execution
5874| [73798] Apache Tomcat sendfile Request Start / Endpoint Parsing Local DoS
5875| [73797] Apache Tomcat sendfile Request Attribute Validation Weakness Local Access Restriction Bypass
5876| [73776] Apache Tomcat HTTP BIO Connector HTTP Pipelining Cross-user Remote Response Access
5877| [73644] Apache XML Security Signature Key Parsing Overflow DoS
5878| [73600] Apache Struts javatemplates Plugin Component Handlers .action URI Multiple Parameter XSS
5879| [73462] Apache Rampart/C util/rampart_timestamp_token.c rampart_timestamp_token_validate Function Expired Token Remote Access Restriction Bypass
5880| [73429] Apache Tomcat JMX MemoryUserDatabase Local Password Disclosure
5881| [73384] Apache HTTP Server mod_rewrite PCRE Resource Exhaustion DoS
5882| [73383] Apache HTTP Server Portable Runtime (APR) Library apr_fnmatch() Infinite Loop Remote DoS
5883| [73378] IBM WebSphere Application Server (WAS) JavaServer Pages org.apache.jasper.runtime.JspWriterImpl.response JSP Page Application Restart Remote DoS
5884| [73247] Apache Subversion mod_dav_svn File Permission Weakness Information Disclosure
5885| [73246] Apache Subversion mod_dav_svn Path-based Access Control Rule Handling Remote DoS
5886| [73245] Apache Subversion mod_dav_svn Baselined Resource Request Handling Remote DoS
5887| [73154] Apache Archiva Multiple Unspecified CSRF
5888| [73153] Apache Archiva /archiva/admin/deleteNetworkProxy!confirm.action proxyid Parameter XSS
5889| [72407] Apache Tomcat @ServletSecurity Initial Load Annotation Security Constraint Bypass Information Disclosure
5890| [72238] Apache Struts Action / Method Names <
5891| [71647] Apache HttpComponents HttpClient Proxy-Authorization Credentials Remote Disclosure
5892| [71558] Apache Tomcat SecurityManager ServletContext Attribute Traversal Arbitrary File Manipulation
5893| [71557] Apache Tomcat HTML Manager Multiple XSS
5894| [71075] Apache Archiva User Management Page XSS
5895| [71027] Apache Tomcat @ServletSecurity Annotation Security Constraint Bypass Information Disclosure
5896| [70925] Apache Continuum Project Pages Unspecified XSS (2011-0533)
5897| [70924] Apache Continuum Multiple Admin Function CSRF
5898| [70809] Apache Tomcat NIO HTTP Connector Request Line Processing DoS
5899| [70734] Apache CouchDB Request / Cookie Handling Unspecified XSS
5900| [70585] Oracle Fusion Middleware Oracle HTTP Server Apache Plugin Unspecified Remote Issue
5901| [70333] Apache Subversion rev_hunt.c blame Command Multiple Memory Leak Remote DoS
5902| [70332] Apache Subversion Apache HTTP Server mod_dav_svn repos.c walk FunctionSVNParentPath Collection Remote DoS
5903| [69659] Apache Archiva Admin Authentication Weakness Privilege Escalation
5904| [69520] Apache Archiva Administrator Credential Manipulation CSRF
5905| [69512] Apache Tomcat Set-Cookie Header HTTPOnly Flag Session Hijacking Weakness
5906| [69456] Apache Tomcat Manager manager/html/sessions Multiple Parameter XSS
5907| [69275] Apache mod_fcgid Module fcgid_bucket.c fcgid_header_bucket_read() Function Remote Overflow
5908| [69067] Apache Shiro URI Path Security Traversal Information Disclosure
5909| [68815] Apache MyFaces shared/util/StateUtils.java View State MAC Weakness Cryptographic Padding Remote View State Modification
5910| [68670] Apache Qpid C++ Broker Component broker/SessionAdapter.cpp SessionAdapter::ExchangeHandlerImpl::checkAlternate Function Exchange Alternate Remote DoS
5911| [68669] Apache Qpid cluster/Cluster.cpp Cluster::deliveredEvent Function Invalid AMQP Data Remote DoS
5912| [68662] Apache Axis2 dswsbobje.war Module Admin Account Default Password
5913| [68531] Apache Qpid qpidd sys/ssl/SslSocket.cpp Incomplete SSL Handshake Remote DoS
5914| [68327] Apache APR-util buckets/apr_brigade.c apr_brigade_split_line() Function Memory Consumption DoS
5915| [68314] Apache XML-RPC SAX Parser External Entity Information Disclosure
5916| [67964] Apache Traffic Server Transaction ID / Source Port Randomization Weakness DNS Cache Poisoning
5917| [67846] SUSE Lifecycle Management Server on SUSE Linux Enterprise apache2-slms Parameter Quoting CSRF
5918| [67294] Apache CXF XML SOAP Message Crafted Document Type Declaration Remote DoS
5919| [67240] Apache CouchDB Installation Page Direct Request Arbitrary JavaScript Code Execution CSRF
5920| [67205] Apache Derby BUILTIN Authentication Password Hash Generation Algorithm SHA-1 Transformation Password Substitution
5921| [66745] Apache HTTP Server Multiple Modules Pathless Request Remote DoS
5922| [66319] Apache Tomcat Crafted Transfer-Encoding Header Handling Buffer Recycling Remote DoS
5923| [66280] Apache Struts XWork ParameterInterceptor Server-Side Object Remote Code Execution
5924| [66226] Apache Axis2 Admin Interface Cookie Session Fixation
5925| [65697] Apache Axis2 / Java SOAP Message DTD Rejection Weakness Arbitrary File Access
5926| [65654] Apache HTTP Server mod_proxy_http mod_proxy_http.c Timeout Detection Weakness HTTP Request Response Disclosure
5927| [65429] Apache MyFaces Unencrypted ViewState Serialized View Object Manipulation Arbitrary Expression Language (EL) Statement Execution
5928| [65054] Apache ActiveMQ Jetty Error Handler XSS
5929| [64844] Apache Axis2/Java axis2/axis2-admin/engagingglobally modules Parameter XSS
5930| [64522] Apache Open For Business Project (OFBiz) ecommerce/control/contactus Multiple Parameter XSS
5931| [64521] Apache Open For Business Project (OFBiz) Web Tools Section entityName Parameter XSS
5932| [64520] Apache Open For Business Project (OFBiz) ecommerce/control/ViewBlogArticle contentId Parameter XSS
5933| [64519] Apache Open For Business Project (OFBiz) Control Servlet URI XSS
5934| [64518] Apache Open For Business Project (OFBiz) Show Portal Page Section start Parameter XSS
5935| [64517] Apache Open For Business Project (OFBiz) View Profile Section partyId Parameter XSS
5936| [64516] Apache Open For Business Project (OFBiz) Export Product Listing Section productStoreId Parameter XSS
5937| [64307] Apache Tomcat Web Application Manager/Host Manager CSRF
5938| [64056] mod_auth_shadow for Apache HTTP Server wait() Function Authentication Bypass
5939| [64023] Apache Tomcat WWW-Authenticate Header Local Host Information Disclosure
5940| [64020] Apache ActiveMQ Jetty ResourceHandler Crafted Request JSP File Source Disclosure
5941| [63895] Apache HTTP Server mod_headers Unspecified Issue
5942| [63368] Apache ActiveMQ createDestination.action JMSDestination Parameter CSRF
5943| [63367] Apache ActiveMQ createDestination.action JMSDestination Parameter XSS
5944| [63350] Apache CouchDB Hash Verification Algorithm Predictable Execution Time Weakness
5945| [63140] Apache Thrift Service Malformed Data Remote DoS
5946| [62676] Apache HTTP Server mod_proxy_ajp Module Crafted Request Remote DoS
5947| [62675] Apache HTTP Server Multi-Processing Module (MPM) Subrequest Header Handling Cross-thread Information Disclosure
5948| [62674] Apache HTTP Server mod_isapi Module Unloading Crafted Request Remote DoS
5949| [62231] Apache HTTP Server Logging Format Weakness Crafted DNS Response IP Address Spoofing
5950| [62230] Apache HTTP Server Crafted DNS Response Inverse Lookup Log Corruption XSS
5951| [62054] Apache Tomcat WAR Filename Traversal Work-directory File Deletion
5952| [62053] Apache Tomcat Autodeployment Process appBase File HTTP Request Authentication Bypass
5953| [62052] Apache Tomcat WAR File Traversal Arbitrary File Overwrite
5954| [62009] Apache HTTP Server src/modules/proxy/proxy_util.c mod_proxy ap_proxy_send_fb() Function Overflow
5955| [61379] Apache River Outrigger Entry Storage Saturation Memory Exhaustion DoS
5956| [61378] Apache Hadoop Map/Reduce JobTracker Memory Consumption DoS
5957| [61377] Apache Commons Modeler Multiple Mutable Static Fields Weakness
5958| [61376] Apache Rampart wsse:security Tag Signature Value Checking Weakness
5959| [60687] Apache C++ Standard Library (STDCXX) strxfrm() Function Overflow
5960| [60680] Apache Hadoop JobHistory Job Name Manipulation Weakness
5961| [60679] Apache ODE DeploymentWebService OMElement zipPart CRLF Injection
5962| [60678] Apache Roller Comment Email Notification Manipulation DoS
5963| [60677] Apache CouchDB Unspecified Document Handling Remote DoS
5964| [60428] Sun Java Plug-in org.apache.crimson.tree.XmlDocument Class reateXmlDocument Method Floppy Drive Access Bypass
5965| [60413] mod_throttle for Apache Shared Memory File Manipulation Local Privilege Escalation
5966| [60412] Sun Java Plug-in org.apache.xalan.processor.XSLProcessorVersion Class Unsigned Applet Variable Sharing Privilege Escalation
5967| [60396] Apache HTTP Server on OpenBSD Multipart MIME Boundary Remote Information Disclosure
5968| [60395] Apache HTTP Server on OpenBSD ETag HTTP Header Remote Information Disclosure
5969| [60232] PHP on Apache php.exe Direct Request Remote DoS
5970| [60176] Apache Tomcat Windows Installer Admin Default Password
5971| [60016] Apache HTTP Server on HP Secure OS for Linux HTTP Request Handling Unspecified Issue
5972| [59979] Apache HTTP Server on Apple Mac OS X HTTP TRACE Method Unspecified Client XSS
5973| [59969] Apache HTTP Server mod_ssl SSL / TLS Renegotiation Handshakes MiTM Plaintext Data Injection
5974| [59944] Apache Hadoop jobhistory.jsp XSS
5975| [59374] Apache Solr Search Extension for TYPO3 Unspecified XSS
5976| [59022] Apache Shindig ConcatProxyServlet HTTP Header Response Splitting
5977| [59021] Apache Cocoon X-Cocoon-Version Header Remote Information Disclosure
5978| [59020] Apache Tapestry HTTPS Session Cookie Secure Flag Weakness
5979| [59019] Apache mod_python Cookie Salting Weakness
5980| [59018] Apache Harmony Error Message Handling Overflow
5981| [59013] Apache Derby SYSCS_EXPORT_TABLE Arbitrary File Overwrite
5982| [59012] Apache Derby Driver Auto-loading Non-deterministic Startup Weakness
5983| [59011] Apache JSPWiki Page Attachment Change Note Function XSS
5984| [59010] Apache Solr get-file.jsp XSS
5985| [59009] Apache Solr action.jsp XSS
5986| [59008] Apache Solr analysis.jsp XSS
5987| [59007] Apache Solr schema.jsp Multiple Parameter XSS
5988| [59006] Apache Beehive select / checkbox Tag XSS
5989| [59005] Apache Beehive jpfScopeID Global Parameter XSS
5990| [59004] Apache Beehive Error Message XSS
5991| [59003] Apache HttpClient POST Request Handling Memory Consumption DoS
5992| [59002] Apache Jetspeed default-page.psml URI XSS
5993| [59001] Apache Axis2 xsd Parameter Traversal Arbitrary File Disclosure
5994| [59000] Apache CXF Unsigned Message Policy Bypass
5995| [58999] Apache WSS4J CallbackHandler Plaintext Password Validation Weakness
5996| [58998] Apache OpenJPA persistence.xml Cleartext Password Local Disclosure
5997| [58997] Apache OpenEJB openejb.xml Cleartext Password Local Disclosure
5998| [58996] Apache Hadoop Map/Reduce LinuxTaskController File Group Ownership Weakness
5999| [58995] Apache Hadoop Map/Reduce Task Ownership Weakness
6000| [58994] Apache Hadoop Map/Reduce DistributedCache Localized File Permission Weakness
6001| [58993] Apache Hadoop browseBlock.jsp XSS
6002| [58991] Apache Hadoop browseDirectory.jsp XSS
6003| [58990] Apache Hadoop Map/Reduce HTTP TaskTrackers User Data Remote Disclosure
6004| [58989] Apache Hadoop Sqoop Process Listing Local Cleartext Password Disclosure
6005| [58988] Apache Hadoop Chukwa HICC Portal Unspecified XSS
6006| [58987] Apache Hadoop Map/Reduce TaskTracker User File Permission Weakness
6007| [58986] Apache Qpid Encrypted Message Handling Remote Overflow DoS
6008| [58985] Apache Qpid Process Listing Local Cleartext Password Disclosure
6009| [58984] Apache Jackrabbit Content Repository (JCR) Default Account Privilege Access Weakness
6010| [58983] Apache Jackrabbit Content Repository (JCR) NamespaceRegistry API Registration Method Race Condition
6011| [58982] Apache Synapse Proxy Service Security Policy Mismatch Weakness
6012| [58981] Apache Geronimo TomcatGeronimoRealm Security Context Persistence Weakness
6013| [58980] Apache Geronimo LDAP Realm Configuration Restart Reversion Weakness
6014| [58979] Apache MyFaces Tomahawk ExtensionsPhaseListener HTML Injection Information Disclosure
6015| [58978] Apache MyFaces Trinidad LocaleInfoScriptlet XSS
6016| [58977] Apache Open For Business Project (OFBiz) Multiple Default Accounts
6017| [58976] Apache Open For Business Project (OFBiz) URI passThru Parameter XSS
6018| [58975] Apache Open For Business Project (OFBiz) PARTYMGR_CREATE/UPDATE Permission Arbitrary User Password Modification
6019| [58974] Apache Sling /apps Script User Session Management Access Weakness
6020| [58973] Apache Tuscany Crafted SOAP Request Access Restriction Bypass
6021| [58931] Apache Geronimo Cookie Parameters Validation Weakness
6022| [58930] Apache Xalan-C++ XPath Handling Remote DoS
6023| [58879] Apache Portable Runtime (APR-util) poll/unix/port.c Event Port Backend Pollset Feature Remote DoS
6024| [58837] Apache Commons Net FTPSClient CipherSuites / Protocols Mutable Object Unspecified Data Security Issue
6025| [58813] Apache MyFaces Trinidad tr:table / HTML Comment Handling DoS
6026| [58812] Apache Open For Business Project (OFBiz) JSESSIONID Session Hijacking Weakness
6027| [58811] Apache Open For Business Project (OFBiz) /catalog/control/EditProductConfigItem configItemId Parameter XSS
6028| [58810] Apache Open For Business Project (OFBiz) /catalog/control/EditProdCatalo prodCatalogId Parameter XSS
6029| [58809] Apache Open For Business Project (OFBiz) /partymgr/control/viewprofile partyId Parameter XSS
6030| [58808] Apache Open For Business Project (OFBiz) /catalog/control/createProduct internalName Parameter XSS
6031| [58807] Apache Open For Business Project (OFBiz) Multiple Unspecified CSRF
6032| [58806] Apache FtpServer MINA Logging Filter Cleartext Credential Local Disclosure
6033| [58805] Apache Derby Unauthenticated Database / Admin Access
6034| [58804] Apache Wicket Header Contribution Unspecified Issue
6035| [58803] Apache Wicket Session Fixation
6036| [58802] Apache Directory Server (ApacheDS) userPassword Attribute Search Password Disclosure
6037| [58801] Apache ActiveMQ Stomp Client Credential Validation Bypass
6038| [58800] Apache Tapestry (context)/servicestatus Internal Service Information Disclosure
6039| [58799] Apache Tapestry Logging Cleartext Password Disclosure
6040| [58798] Apache Jetspeed pipeline Parameter pipeline-map Policy Bypass
6041| [58797] Apache Jetspeed Password Policy Multiple Weaknesses
6042| [58796] Apache Jetspeed Unsalted Password Storage Weakness
6043| [58795] Apache Rampart Crafted SOAP Header Authentication Bypass
6044| [58794] Apache Roller Admin Protocol (RAP) Malformed Header Authentication Bypass
6045| [58793] Apache Hadoop Map/Reduce mapred.system.dir Permission Weakness Job Manipulation
6046| [58792] Apache Shindig gadgets.rpc iframe RPC Call Validation Weakness
6047| [58791] Apache Synapse synapse.properties Cleartext Credential Local Disclosure
6048| [58790] Apache WSS4J SOAP Message UsernameToken Remote Password Disclosure
6049| [58789] Apache WSS4J SOAP Header Malformed UsernameToken Authentication Bypass
6050| [58776] Apache JSPWiki PreviewContent.jsp Edited Text XSS
6051| [58775] Apache JSPWiki preview.jsp action Parameter XSS
6052| [58774] Apache JSPWiki Edit.jsp Multiple Parameter XSS
6053| [58773] Apache JSPWiki Accept-Language Header Multiple Script language Parameter XSS
6054| [58772] Apache JSPWiki EditorManager.java editor Parameter XSS
6055| [58771] Apache JSPWiki GroupContent.jsp Multiple Parameter XSS
6056| [58770] Apache JSPWiki Group.jsp group Parameter XSS
6057| [58769] Apache JSPWiki Database Connection Termination DoS Weakness
6058| [58768] Apache JSPWiki Attachment Servlet nextpage Parameter Arbitrary Site Redirect
6059| [58766] Apache JSPWiki /admin/SecurityConfig.jsp Direct Request Information Disclosure
6060| [58765] Apache JSPWiki Spam Filter UniqueID RNG Weakness
6061| [58764] Apache JSPWiki Edit.jsp Multiple Parameter XSS
6062| [58763] Apache JSPWiki Include Tag Multiple Script XSS
6063| [58762] Apache JSPWiki Multiple .java Tags pageContext Parameter XSS
6064| [58761] Apache JSPWiki Wiki.jsp skin Parameter XSS
6065| [58760] Apache Commons VFS Exception Error Message Cleartext Credential Disclosure
6066| [58759] Apache Jackrabbit Content Repository (JCR) UUID System.currentTimeMillis() RNG Weakness
6067| [58758] Apache River GrantPermission Policy Manipulation Privilege Escalation
6068| [58757] Apache WS-Commons Java2 StaXUtils Multiple Unspecified Minor Issues
6069| [58756] Apache WSS4J WSHandler Client Certificate Signature Validation Weakness
6070| [58755] Apache Harmony DRLVM Non-public Class Member Access
6071| [58754] Apache Harmony File.createTempFile() Temporary File Creation Prediction Weakness
6072| [58751] Apache Geronimo GeronimoIdentityResolver Subject Handling Multiple Issues
6073| [58750] Apache MyFaces Trinidad Generated HTML Information Disclosure
6074| [58749] Apache MyFaces Trinidad Database Access Error Message Information Disclosure
6075| [58748] Apache MyFaces Trinidad Image Resource Loader Traversal Arbitrary Image Access
6076| [58747] Apache MyFaces Trinidad Error Message User Entered Data Disclosure Weakness
6077| [58746] Apache Axis2 JAX-WS Java2 WSDL4J Unspecified Issue
6078| [58744] Apache Wicket Crafted File Upload Disk Space Exhaustion DoS
6079| [58743] Apache Wicket wicket.util.crypt.SunJceCrypt Encryption Reversion Weakness
6080| [58742] Apache Rampart PolicyBasedValiadtor HttpsToken Endpoint Connection Weakness
6081| [58741] Apache Rampart WSSecSignature / WSSecEncryptedKey KeyIdentifierType Validation Weakness
6082| [58740] Apache Rampart TransportBinding Message Payload Cleartext Disclosure
6083| [58739] Apache Open For Business Project (OFBiz) Unsalted Password Storage Weakness
6084| [58738] Apache Open For Business Project (OFBiz) orderId Parameter Arbitrary Order Access
6085| [58737] Apache mod_python w/ mod_python.publisher index.py Underscore Prefixed Variable Disclosure
6086| [58735] Apache Open For Business Project (OFBiz) /ecommerce/control/keywordsearch SEARCH_STRING Parameter XSS
6087| [58734] Apache Torque Log File Cleartext Credential Local Disclosure
6088| [58733] Apache Axis2 doGet Implementation Authentication Bypass Service State Manipulation
6089| [58732] Apache MyFaces UIInput.validate() Null Value Validation Bypass Weakness
6090| [58731] Apache MyFaces /faces/* Prefix Mapping Authentication Bypass
6091| [58725] Apache Tapestry Basic String ACL Bypass Weakness
6092| [58724] Apache Roller Logout Functionality Failure Session Persistence
6093| [58723] Apache Roller User Profile / Admin Page Cleartext Password Disclosure
6094| [58722] Apache Derby Connection URL Encryption Method Reversion Weakness
6095| [58721] Apache Geronimo on Tomcat Security-constraint Resource ACL Bypass
6096| [58720] Apache Geronimo Explicit Servlet Mapping Access Bypass Weakness
6097| [58719] Apache Geronimo Keystore Unprivileged Service Disable DoS
6098| [58718] Apache Geronimo Deployment Plans Remote Password Disclosure
6099| [58717] Apache Jetspeed Portlet Application Edit Access Restriction Bypass
6100| [58716] Apache Jetspeed PSML Management Cached Constraint Authentication Weakness
6101| [58707] Apache WSS4J Crafted PasswordDigest Request Authentication Bypass
6102| [58706] Apache HttpClient Pre-emptive Authorization Remote Credential Disclosure
6103| [58705] Apache Directory Server (ApacheDS) User Passwords Cleartext Disclosure
6104| [58704] Apache Directory Server (ApacheDS) Non-existent User LDAP Bind Remote DoS
6105| [58703] Apache Geronimo Debug Console Unauthenticated Remote Information Disclosure
6106| [58702] Apache Directory Server (ApacheDS) Persistent LDAP Anonymous Bind Weakness
6107| [58701] Apache Jetspeed User Admin Portlet Unpassworded Account Creation Weakness
6108| [58700] Apache MyFaces /faces/* Path Handling Remote Overflow DoS
6109| [58699] Apache MyFaces Disable Property Client Side Manipulation Privilege Escalation
6110| [58698] Apache Roller Remember Me Functionality Cleartext Password Disclosure
6111| [58697] Apache XalanJ2 org.apache.xalan.xsltc.runtime.CallFunction Class Unspecified Issue
6112| [58696] Apache Tapestry Encoded Traversal Arbitrary File Access
6113| [58695] Apache Jetspeed Unauthenticated PSML Tags / Admin Folder Access
6114| [58694] Apache Geronimo Deploy Tool Process List Local Credential Disclosure
6115| [58693] Apache Derby service.properties File Encryption Key Information Disclosure
6116| [58692] Apache Geronimo Default Security Realm Login Brute Force Weakness
6117| [58689] Apache Roller Retrieve Last 5 Post Feature Unauthorized Blog Post Manipulation
6118| [58688] Apache Xalan-Java (XalanJ2) Static Variables Multiple Unspecified Issues
6119| [58687] Apache Axis Invalid wsdl Request XSS
6120| [58686] Apache Cocoon Temporary File Creation Unspecified Race Condition
6121| [58685] Apache Velocity Template Designer Privileged Code Execution
6122| [58684] Apache Jetspeed controls.Customize Action Security Check Bypass
6123| [58675] Apache Open For Business Project (OFBiz) eCommerce/ordermgr Multiple Field XSS
6124| [58674] Apache Open For Business Project (OFBiz) ecommerce/control/login Multiple Field XSS
6125| [58673] Apache Open For Business Project (OFBiz) ecommerce/control/viewprofile Multiple Field XSS
6126| [58672] Apache Open For Business Project (OFBiz) POS Input Panel Cleartext Password Disclosure
6127| [58671] Apache Axis2 JMS Signed Message Crafted WS-Security Header Security Bypass
6128| [58670] Apache Jetspeed JetspeedTool.getPortletFromRegistry Portlet Security Validation Failure
6129| [58669] Apache Jetspeed LDAP Cleartext Passwords Disclosure
6130| [58668] Apache Axis External Entity (XXE) Data Parsing Privilege Escalation
6131| [58667] Apache Roller Database Cleartext Passwords Disclosure
6132| [58666] Apache Xerces-C++ UTF-8 Transcoder Overlong Code Handling Unspecified Issue
6133| [58665] Apache Jetspeed Turbine: Cross-user Privileged Action Execution
6134| [58664] Apache Jetspeed EditAccount.vm Password Modification Weakness
6135| [58663] Apache Jetspeed Role Parameter Arbitrary Portlet Disclosure
6136| [58662] Apache Axis JWS Page Generated .class File Direct Request Information Disclosure
6137| [58661] Apache Jetspeed user-form.vm Password Reset Cleartext Disclosure
6138| [58660] Apache WSS4J checkReceiverResults Function Crafted SOAP Request Authentication Bypass
6139| [58658] Apache Rampart Crafted SOAP Request Security Verification Bypass
6140| [57882] Apache HTTP Server mod_proxy_ftp Authorization HTTP Header Arbitrary FTP Command Injection
6141| [57851] Apache HTTP Server mod_proxy_ftp EPSV Command NULL Dereference Remote DoS
6142| [56984] Apache Xerces2 Java Malformed XML Input DoS
6143| [56903] Apache ODE (Orchestration Director Engine) Process Deployment Web Service Traversal Arbitrary File Manipulation
6144| [56859] Apache Xerces-C++ Multiple Sub-project XML Nested DTD Structures Parsing Recursion Error DoS
6145| [56766] Apache Portable Runtime (APR-util) memory/unix/apr_pools.c Relocatable Memory Block Aligning Overflow
6146| [56765] Apache Portable Runtime (APR-util) misc/apr_rmm.c Multiple Function Overflows
6147| [56517] Apache HTTP Server File Descriptor Leak Arbitrary Local File Append
6148| [56443] PTK Unspecified Apache Sub-process Arbitrary Command Execution
6149| [56414] Apache Tiles Duplicate Expression Language (EL) Expression Evaluation XSS
6150| [55814] mod_NTLM for Apache HTTP Server ap_log_rerror() Function Remote Format String
6151| [55813] mod_NTLM for Apache HTTP Server log() Function Remote Overflow
6152| [55782] Apache HTTP Server mod_deflate Module Aborted Connection DoS
6153| [55553] Apache HTTP Server mod_proxy Module mod_proxy_http.c stream_reqbody_cl Function CPU Consumption DoS
6154| [55059] Apache APR-util strmatch/apr_strmatch.c apr_strmatch_precompile Function Crafted Input Remote DoS
6155| [55058] Apache APR-util apr_brigade_vprintf Function Crafted Input Off-by-one Remote DoS
6156| [55057] Apache APR-util xml/apr_xml.c apr_xml_* Interface Expat XML Parser Crafted XML Document Remote DoS
6157| [55056] Apache Tomcat Cross-application TLD File Manipulation
6158| [55055] Apache Tomcat Illegal URL Encoded Password Request Username Enumeration
6159| [55054] Apache Tomcat Java AJP Connector mod_jk Load Balancing Worker Malformed Header Remote DoS
6160| [55053] Apache Tomcat Crafted Request Security Restraint Bypass Arbitrary Content Access
6161| [54733] Apache HTTP Server AllowOverride Directive .htaccess Options Bypass
6162| [54713] razorCMS Security Manager apache User Account Unspecified File Permission Weakness Issue
6163| [54589] Apache Jserv Nonexistent JSP Request XSS
6164| [54122] Apache Struts s:a / s:url Tag href Element XSS
6165| [54093] Apache ActiveMQ Web Console JMS Message XSS
6166| [53932] Apache Geronimo Multiple Admin Function CSRF
6167| [53931] Apache Geronimo /console/portal/Server/Monitoring Multiple Parameter XSS
6168| [53930] Apache Geronimo /console/portal/ URI XSS
6169| [53929] Apache Geronimo on Windows Security/Keystores Portlet Traversal Arbitrary File Upload
6170| [53928] Apache Geronimo on Windows Embedded DB/DB Manager Portlet Traversal Arbitrary File Upload
6171| [53927] Apache Geronimo on Windows Services/Repository Portlet Traversal Arbitrary File Upload
6172| [53921] Apache HTTP Server mod_proxy_ajp Cross Thread/Session Information Disclosure
6173| [53766] Oracle BEA WebLogic Server Plug-ins for Apache Certificate Handling Remote Overflow
6174| [53574] PHP on Apache .htaccess mbstring.func_overload Setting Cross Hosted Site Behavior Modification
6175| [53381] Apache Tomcat JK Connector Content-Length Header Cross-user Information Disclosure
6176| [53380] Apache Struts Unspecified XSS
6177| [53289] Apache mod_perl Apache::Status /perl-status Unspecified XSS
6178| [53186] Apache HTTP Server htpasswd Predictable Salt Weakness
6179| [52899] Apache Tomcat Examples Web Application Calendar Application jsp/cal/cal2.jsp time Parameter XSS
6180| [52407] Apache Tomcat doRead Method POST Content Information Disclosure
6181| [51923] Apache HTTP Server mod-auth-mysql Module mod_auth_mysql.c Multibyte Character Encoding SQL Injection
6182| [51613] Apache HTTP Server Third-party Module Child Process File Descriptor Leak
6183| [51612] Apache HTTP Server Internal Redirect Handling Infinite Loop DoS
6184| [51468] Apache Jackrabbit Content Repository (JCR) swr.jsp q Parameter XSS
6185| [51467] Apache Jackrabbit Content Repository (JCR) search.jsp q Parameter XSS
6186| [51151] Apache Roller Search Function q Parameter XSS
6187| [50482] PHP with Apache php_value Order Unspecified Issue
6188| [50475] Novell NetWare ApacheAdmin Console Unauthenticated Access
6189| [49734] Apache Struts DefaultStaticContentLoader Class Traversal Arbitrary File Access
6190| [49733] Apache Struts FilterDispatcher Class Traversal Arbitrary File Access
6191| [49283] Oracle BEA WebLogic Server Plugins for Apache Remote Transfer-Encoding Overflow
6192| [49062] Apache Tomcat Cross-thread Concurrent Request Variable Overwrite Information Disclosure
6193| [48847] ModSecurity (mod_security) Transformation Caching Unspecified Apache DoS
6194| [48788] Apache Xerces-C++ XML Schema maxOccurs Value XML File Handling DoS
6195| [47474] Apache HTTP Server mod_proxy_ftp Directory Component Wildcard Character XSS
6196| [47464] Apache Tomcat allowLinking / UTF-8 Traversal Arbitrary File Access
6197| [47463] Apache Tomcat RequestDispatcher Traversal Arbitrary File Access
6198| [47462] Apache Tomcat HttpServletResponse.sendError Method Message Argument XSS
6199| [47096] Oracle Weblogic Apache Connector POST Request Overflow
6200| [46382] Frontend Filemanager (air_filemanager) Extension for TYPO3 on Apache Unspecified Arbitrary Code Execution
6201| [46285] TYPO3 on Apache Crafted Filename Upload Arbitrary Command Execution
6202| [46085] Apache HTTP Server mod_proxy ap_proxy_http_process_response() Function Interim Response Forwarding Remote DoS
6203| [45905] Apache Tomcat Host Manager host-manager/html/add name Parameter XSS
6204| [45879] Ragnarok Online Control Panel on Apache Crafted Traversal Authentication Bypass
6205| [45742] Apache HTTP Server on Novell Unspecified Request Directive Internal IP Disclosure
6206| [45740] Apache Derby DropSchemaNode Bind Phase Arbitrary Scheme Statement Dropping
6207| [45599] Apache Derby Lock Table Statement Privilege Requirement Bypass Arbitrary Table Lock
6208| [45585] Apache Derby ACCSEC Command RDBNAM Parameter Cleartext Credential Disclosure
6209| [45584] Apache Derby DatabaseMetaData.getURL Function Cleartext Credential Disclosure
6210| [45420] Apache HTTP Server 403 Error Page UTF-7 Encoded XSS
6211| [44728] PHP Toolkit on Gentoo Linux Interpretation Conflict Apache HTTP Server Local DoS
6212| [44618] Oracle JSP Apache/Jserv Path Translation Traversal Arbitrary JSP File Execution
6213| [44159] Apache HTTP Server Remote Virtual Host Name Disclosure
6214| [43997] Apache-SSL ExpandCert() Function Certificate Handling Arbitrary Environment Variables Manipulation
6215| [43994] suPHP for Apache (mod_suphp) Directory Symlink Local Privilege Escalation
6216| [43993] suPHP for Apache (mod_suphp) Owner Mode Race Condition Symlink Local Privilege Escalation
6217| [43663] Apache HTTP Server Mixed Platform AddType Directive Crafted Request PHP Source Disclosure
6218| [43658] AuthCAS Module (AuthCAS.pm) for Apache HTTP Server SESSION_COOKIE_NAME SQL Injection
6219| [43452] Apache Tomcat HTTP Request Smuggling
6220| [43309] Apache Geronimo LoginModule Login Method Bypass
6221| [43290] Apache JSPWiki Entry Page Attachment Unrestricted File Upload
6222| [43259] Apache HTTP Server on Windows mod_proxy_balancer URL Handling Remote Memory Corruption
6223| [43224] Apache Geronimo on SuSE Linux init Script Symlink Unspecified File/Directory Access
6224| [43189] Apache mod_jk2 Host Header Multiple Fields Remote Overflow
6225| [42937] Apache HTTP Server mod_proxy_balancer balancer-manager Unspecified CSRF
6226| [42341] MOD_PLSQL for Apache Unspecified URL SQL Injection
6227| [42340] MOD_PLSQL for Apache CGI Environment Handling Unspecified Overflow
6228| [42214] Apache HTTP Server mod_proxy_ftp UTF-7 Encoded XSS
6229| [42091] Apache Maven Site Plugin Installation Permission Weakness
6230| [42089] Apache Maven .m2/settings.xml Cleartext Password Disclosure
6231| [42088] Apache Maven Defined Repo Process Listing Password Disclosure
6232| [42087] Apache Maven Site Plugin SSH Deployment Permission Setting Weakness
6233| [42036] Apache HTTP Server MS-DOS Device Request Host OS Disclosure
6234| [41891] BEA WebLogic Apache Beehive NetUI Page Flow Unspecified XSS
6235| [41436] Apache Tomcat Native APR Connector Duplicate Request Issue
6236| [41435] Apache Tomcat %5C Cookie Handling Session ID Disclosure
6237| [41434] Apache Tomcat Exception Handling Subsequent Request Information Disclosure
6238| [41400] LimeSurvey save.php Apache Log File PHP Code Injection
6239| [41029] Apache Tomcat Calendar Examples Application cal2.jsp Multiple Parameter CSRF
6240| [41019] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload XSS
6241| [41018] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload CRLF
6242| [40853] Apache Tomcat SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) JSESSIONIDSSO Cookie Security Weakness
6243| [40264] Apache HTTP Server mod_proxy_balancer balancer_handler Function bb Variable Remote DoS
6244| [40263] Apache HTTP Server mod_proxy_balancer balancer-manager Multiple Parameter XSS
6245| [40262] Apache HTTP Server mod_status refresh XSS
6246| [39833] Apache Tomcat JULI Logging Component catalina.policy Security Bypass
6247| [39251] Coppermine Photo Gallery on Apache Multiple File Extension Upload Arbitrary Code Execution
6248| [39166] Apache Tomcat on Windows caseSensitive Attribute Mixed Case Request JSP Source Disclosure
6249| [39134] Apache mod_imagemap Module Imagemap Unspecified XSS
6250| [39133] Apache mod_imap Module Imagemap File Unspecified XSS
6251| [39035] Apache Tomcat examples/servlet/CookieExample Multiple Parameter XSS
6252| [39003] Apache HTTP Server HTTP Method Header Request Entity Too Large XSS
6253| [39000] Apache Tomcat SendMailServlet sendmail.jsp mailfrom Parameter XSS
6254| [38939] Apache HTTP Server Prefork MPM Module Array Modification Local DoS
6255| [38673] Apache Jakarta Slide WebDAV SYSTEM Request Traversal Arbitrary File Access
6256| [38662] Apache Geronimo SQLLoginModule Nonexistent User Authentication Bypass
6257| [38661] Apache Geronimo MEJB Unspecified Authentication Bypass
6258| [38641] Apache HTTP Server mod_mem_cache recall_headers Function Information Disclosure
6259| [38640] Apache HTTP Server suexec Document Root Unauthorized Operations
6260| [38639] Apache HTTP Server suexec Multiple Symlink Privilege Escalation
6261| [38636] Apache HTTP Server mod_autoindex.c P Variable UTF-7 Charset XSS
6262| [38513] BEA WebLogic Server Proxy Plug-in for Apache Protocol Error Handling Remote DoS
6263| [38187] Apache Geronimo / Tomcat WebDAV XML SYSTEM Tag Arbitrary File Access
6264| [37079] Apache HTTP Server mod_cache cache_util.c Malformed Cache-Control Header DoS
6265| [37071] Apache Tomcat Cookie Handling Session ID Disclosure
6266| [37070] Apache Tomcat Cookie Handling Quote Delimiter Session ID Disclosure
6267| [37052] Apache HTTP Server mod_status mod_status.c Unspecified XSS
6268| [37051] Apache HTTP Server mod_proxy modules/proxy/proxy_util.c Crafted Header Remote DoS
6269| [37050] Apache HTTP Server Prefork MPM Module Crafted Code Sequence Local DoS
6270| [36417] Apache Tomcat Host Manager Servlet html/add Action aliases Parameter XSS
6271| [36377] Apache MyFaces Tomahawk JSF Application autoscroll Multiple Script XSS
6272| [36080] Apache Tomcat JSP Examples Crafted URI XSS
6273| [36079] Apache Tomcat Manager Uploaded Filename XSS
6274| [34888] Apache Tomcat Example Calendar Application cal2.jsp time Parameter XSS
6275| [34887] Apache Tomcat implicit-objects.jsp Crafted Header XSS
6276| [34885] Apache Tomcat on IIS Servlet Engine MS-DOS Device Request DoS
6277| [34884] Apache Tomcat on Windows Nonexistent Resource Request Path Disclosure
6278| [34883] Apache Tomcat Crafted JSP File Request Path Disclosure
6279| [34882] Apache Tomcat Default SSL Ciphersuite Configuration Weakness
6280| [34881] Apache Tomcat Malformed Accept-Language Header XSS
6281| [34880] Apache Tomcat HTTP/1.1 Connector NULL Byte Request JSP Source Disclosure
6282| [34879] Apache Tomcat examples/jsp2/jspx/textRotate.jspx XSS
6283| [34878] Apache Tomcat examples/jsp2/el/implicit-objects.jsp XSS
6284| [34877] Apache Tomcat JK Web Server Connector (mod_jk) Double Encoded Traversal Arbitrary File Access
6285| [34876] Apache HTTP Server ScriptAlias CGI Source Disclosure
6286| [34875] Apache Tomcat appdev/sample/web/hello.jsp Multiple Parameter XSS
6287| [34874] Apache Tomcat AJP Connector mod_jk ajp_process_callback Remote Memory Disclosure
6288| [34873] Apache Stats Variable Extraction _REQUEST Ssuperglobal Array Overwrite
6289| [34872] Apache HTTP Server suexec User/Group Combination Weakness Local Privilege Escalation
6290| [34769] Apache Tomcat w/ Proxy Module Double Encoded Traversal Arbitrary File Access
6291| [34541] mod_perl for Apache HTTP Server RegistryCooker.pm PATH_INFO Crafted URI Remote DoS
6292| [34540] mod_perl for Apache HTTP Server PerlRun.pm PATH_INFO Crafted URI Remote DoS
6293| [34398] Apache Tomcat mod_jk Invalid Chunked Encoded Body Information Disclosure
6294| [34154] Apache Axis Nonexistent Java Web Service Path Disclosure
6295| [33855] Apache Tomcat JK Web Server Connector mod_jk.so Long URI Worker Map Remote Overflow
6296| [33816] Apache HTTP Server on Debian Linux TTY Local Privilege Escalation
6297| [33456] Apache HTTP Server Crafted TCP Connection Range Header DoS
6298| [33346] Avaya Multiple Products Apache Tomcat Port Weakness
6299| [32979] Apache Java Mail Enterprise Server (JAMES) Phoenix/MX4J Interface Arbitrary User Creation
6300| [32978] Apache Java Mail Enterprise Server (JAMES) POP3Server Log File Plaintext Password Disclosure
6301| [32724] Apache mod_python _filter_read Freed Memory Disclosure
6302| [32723] Apache Tomcat semicolon Crafted Filename Request Forced Directory Listing
6303| [32396] Apache Open For Business Project (OFBiz) Ecommerce Component Forum Implementation Message Body XSS
6304| [32395] Apache Open For Business Project (OFBiz) Ecommerce Component Form Field Manipulation Privilege Escalation
6305| [30354] Linux Subversion libapache2-svn Search Path Subversion Local Privilege Escalation
6306| [29603] PHP ini_restore() Apache httpd.conf Options Bypass
6307| [29536] Apache Tcl mod_tcl set_var Function Remote Format String
6308| [28919] Apache Roller Weblogger Blog Comment Multiple Field XSS
6309| [28130] PHP with Apache Mixed Case Method Limit Directive Bypass
6310| [27913] Apache HTTP Server on Windows mod_alias URL Validation Canonicalization CGI Source Disclosure
6311| [27588] Apache HTTP Server mod_rewrite LDAP Protocol URL Handling Overflow
6312| [27487] Apache HTTP Server Crafted Expect Header Cross Domain HTML Injection
6313| [26935] FCKeditor on Apache connector.php Crafted File Extension Arbitrary File Upload
6314| [26572] Apache Java Mail Enterprise Server (JAMES) MAIL Command Overflow DoS
6315| [25909] Drupal on Apache files Directory File Upload Arbitrary Code Execution
6316| [24825] Oracle ModPL/SQL for Apache Unspecified Remote HTTP Issue
6317| [24365] Apache Struts Multiple Function Error Message XSS
6318| [24364] Apache Struts getMultipartRequestHandler() Function Crafted Request DoS
6319| [24363] Apache Struts org.apache.struts.taglib.html.Constants.CANCEL Validation Bypass
6320| [24103] Pubcookie Apache mod_pubcookie Unspecified XSS
6321| [23906] Apache mod_python for Apache HTTP Server FileSession Privileged Local Command Execution
6322| [23905] Apache Log4net LocalSyslogAppender Format String Memory Corruption DoS
6323| [23198] Apache WSS4J Library SOAP Signature Verification Bypass
6324| [23124] Generic Apache Request Library (libapreq) apreq_parse_* Functions Remote DoS
6325| [22652] mod_php for Apache HTTP Server Crafted import_request_variables Function DoS
6326| [22475] PHP w/ Apache PDO::FETCH_CLASS __set() Function DoS
6327| [22473] PHP w/ Apache2 Crafted PDOStatement DoS
6328| [22459] Apache Geronimo Error Page XSS
6329| [22458] Apache Tomcat / Geronimo Sample Script cal2.jsp time Parameter XSS
6330| [22301] auth_ldap for Apache HTTP Server auth_ldap_log_reason() Function Remote Format String
6331| [22261] Apache HTTP Server mod_ssl ssl_hook_Access Error Handling DoS
6332| [22259] mod_auth_pgsql for Apache HTTP Server Log Function Format String
6333| [21736] Apache Java Mail Enterprise Server (JAMES) Spooler retrieve Function DoS
6334| [21705] Apache HTTP Server mod_imap Image Map Referer XSS
6335| [21021] Apache Struts Error Message XSS
6336| [20897] PHP w/ Apache 2 SAPI virtual() Function Unspecified INI Setting Disclosure
6337| [20491] PHP mod_php apache2handler SAPI Crafted .htaccess DoS
6338| [20462] Apache HTTP Server worker.c MPM Memory Exhaustion DoS
6339| [20439] Apache Tomcat Directory Listing Saturation DoS
6340| [20373] Apache Tomcat on HP Secure OS for Linux Unspecified Servlet Access Issue
6341| [20285] Apache HTTP Server Log File Control Character Injection
6342| [20242] Apache HTTP Server mod_usertrack Predictable Session ID Generation
6343| [20209] Brainf*ck Module (mod_bf) for Apache HTTP Server Local Overflow
6344| [20033] Apache Tomcat MS-DOS Device Request Error Message Path Disclosure
6345| [19883] apachetop atop.debug Symlink Arbitrary File Overwrite
6346| [19863] mod_auth_shadow for Apache HTTP Server require group Authentication Bypass
6347| [19855] Apache HTTP Server ErrorDocument Directive .htaccess Bypass
6348| [19821] Apache Tomcat Malformed Post Request Information Disclosure
6349| [19769] Apache HTTP Server Double-reverse DNS Lookup Spoofing
6350| [19188] Apache HTTP Server mod_ssl SSLVerifyClient Per-location Context Restriction Bypass
6351| [19137] Apache HTTP Server on Red Hat Linux Double Slash GET Request Forced Directory Listing
6352| [19136] Apache on Mandrake Linux Arbitrary Directory Forced Listing
6353| [18977] Apache HTTP Server Crafted HTTP Range Header DoS
6354| [18389] Ragnarok Online Control Panel Apache Authentication Bypass
6355| [18286] Apache HTTP Server mod_ssl ssl_callback_SSLVerify_CRL( ) Function Overflow
6356| [18233] Apache HTTP Server htdigest user Variable Overfow
6357| [17738] Apache HTTP Server HTTP Request Smuggling
6358| [16586] Apache HTTP Server Win32 GET Overflow DoS
6359| [15889] Apache HTTP Server mod_cgid Threaded MPM CGI Output Misdirection
6360| [14896] mod_dav for Apache HTTP Server Remote Null Dereference Child Process Termination
6361| [14879] Apache HTTP Server ap_log_rerror Function Error Message Path Disclosure
6362| [14770] Apache Tomcat AJP12 Protocol Malformed Packet Remote DoS
6363| [14597] Apache Tomcat IntegerOverflow.jsp Test JSP Script Path Disclosure
6364| [14596] Apache Tomcat pageSession.jsp Test JSP Script Path Disclosure
6365| [14595] Apache Tomcat pageLanguage.jsp Test JSP Script Path Disclosure
6366| [14594] Apache Tomcat pageIsThreadSafe.jsp Test JSP Script Path Disclosure
6367| [14593] Apache Tomcat pageIsErrorPage.jsp Test JSP Script Path Disclosure
6368| [14592] Apache Tomcat pageInvalid.jsp Test JSP Script Path Disclosure
6369| [14591] Apache Tomcat pageExtends.jsp Test JSP Script Path Disclosure
6370| [14590] Apache Tomcat pageDouble.jsp Test JSP Script Path Disclosure
6371| [14589] Apache Tomcat pageAutoFlush.jsp Test JSP Script Path Disclosure
6372| [14588] Apache Tomcat extends2.jsp Test JSP Script Path Disclosure
6373| [14587] Apache Tomcat extends1.jsp Test JSP Script Path Disclosure
6374| [14586] Apache Tomcat comments.jsp Test JSP Script Path Disclosure
6375| [14585] Apache Tomcat buffer4.jsp Test JSP Script Path Disclosure
6376| [14584] Apache Tomcat buffer3.jsp Test JSP Script Path Disclosure
6377| [14583] Apache Tomcat buffer2.jsp Test JSP Script Path Disclosure
6378| [14582] Apache Tomcat buffer1.jsp Test JSP Script Path Disclosure
6379| [14581] Apache Tomcat pageImport2.jsp Test JSP Script Path Disclosure
6380| [14580] Apache Tomcat pageInfo.jsp Test JSP Script Path Disclosure
6381| [14410] mod_frontpage for Apache HTTP Server fpexec Remote Overflow
6382| [14044] Apache Batik Squiggle Browser with Rhino Scripting Engine Unspecified File System Access
6383| [13737] mod_access_referer for Apache HTTP Server Malformed Referer DoS
6384| [13711] Apache mod_python publisher.py Traversal Arbitrary Object Information Disclosure
6385| [13640] mod_auth_any for Apache HTTP Server on Red Hat Linux Metacharacter Command Execution
6386| [13304] Apache Tomcat realPath.jsp Path Disclosure
6387| [13303] Apache Tomcat source.jsp Arbitrary Directory Listing
6388| [13087] Apache HTTP Server mod_log_forensic check_forensic Symlink Arbitrary File Creation / Overwrite
6389| [12849] mod_auth_radius for Apache HTTP Server radcpy() Function Overflow DoS
6390| [12848] Apache HTTP Server htdigest realm Variable Overflow
6391| [12721] Apache Tomcat examples/jsp2/el/functions.jsp XSS
6392| [12720] mod_dosevasive for Apache HTTP Server Symlink Arbitrary File Create/Overwrite
6393| [12558] Apache HTTP Server IPv6 FTP Proxy Socket Failure DoS
6394| [12557] Apache HTTP Server prefork MPM accept Error DoS
6395| [12233] Apache Tomcat MS-DOS Device Name Request DoS
6396| [12232] Apache Tomcat with JDK Arbitrary Directory/Source Disclosure
6397| [12231] Apache Tomcat web.xml Arbitrary File Access
6398| [12193] Apache HTTP Server on Mac OS X File Handler Bypass
6399| [12192] Apache HTTP Server on Mac OS X Unauthorized .ht and .DS_Store File Access
6400| [12178] Apache Jakarta Lucene results.jsp XSS
6401| [12176] mod_digest_apple for Apache HTTP Server on Mac OS X Authentication Replay
6402| [11391] Apache HTTP Server Header Parsing Space Saturation DoS
6403| [11003] Apache HTTP Server mod_include get_tag() Function Local Overflow
6404| [10976] mod_mylo for Apache HTTP Server mylo_log Logging Function HTTP GET Overflow
6405| [10637] Apache HTTP Server mod_ssl SSLCipherSuite Access Restriction Bypass
6406| [10546] Macromedia JRun4 mod_jrun Apache Module Remote Overflow
6407| [10471] Apache Xerces-C++ XML Parser DoS
6408| [10218] Apache HTTP Server Satisfy Directive Access Control Bypass
6409| [10068] Apache HTTP Server htpasswd Local Overflow
6410| [10049] mod_cplusplus For Apache HTTP Server Unspecified Overflow
6411| [9994] Apache HTTP Server apr-util IPV6 Parsing DoS
6412| [9991] Apache HTTP Server ap_resolve_env Environment Variable Local Overflow
6413| [9948] mod_dav for Apache HTTP Server LOCK Request DoS
6414| [9742] Apache HTTP Server mod_ssl char_buffer_read Function Reverse Proxy DoS
6415| [9718] Apache HTTP Server Win32 Single Dot Append Arbitrary File Access
6416| [9717] Apache HTTP Server mod_cookies Cookie Overflow
6417| [9716] Apache::Gallery Gallery.pm Inline::C Predictable Filename Code Execution
6418| [9715] Apache HTTP Server rotatelogs Control Characters Over Pipe DoS
6419| [9714] Apache Authentication Module Threaded MPM DoS
6420| [9713] Apache HTTP Server on OS2 filestat.c Device Name Request DoS
6421| [9712] Apache HTTP Server Multiple Linefeed Request Memory Consumption DoS
6422| [9711] Apache HTTP Server Access Log Terminal Escape Sequence Injection
6423| [9710] Apache HTTP Server on Windows Illegal Character Default Script Mapping Bypass
6424| [9709] Apache HTTP Server on Windows MS-DOS Device Name HTTP Post Code Execution
6425| [9708] Apache HTTP Server on Windows MS-DOS Device Name DoS
6426| [9707] Apache HTTP Server Duplicate MIME Header Saturation DoS
6427| [9706] Apache Web Server Multiple MIME Header Saturation Remote DoS
6428| [9705] Apache Tomcat Invoker/Default Servlet Source Disclosure
6429| [9702] Apache HTTP Server CGI/WebDAV HTTP POST Request Source Disclosure
6430| [9701] Apache HTTP Server for Windows Multiple Slash Forced Directory Listing
6431| [9700] Apache HTTP Server mod_autoindex Multiple Slash Request Forced Directory Listing
6432| [9699] Apache HTTP Server mod_dir Multiple Slash Request Forced Directory Listing
6433| [9698] Apache HTTP Server mod_negotiation Multiple Slash Request Forced Directory Listing
6434| [9697] Apache HTTP Server htdigest Local Symlink Arbitrary File Overwrite
6435| [9696] Apache HTTP Server htpasswd Local Symlink Arbitrary File Overwrite
6436| [9695] Apache Tomcat SnoopServlet Servlet Information Disclosure
6437| [9694] PHP3 on Apache HTTP Server Encoded Traversal Arbitrary File Access
6438| [9693] mod_auth_pgsql_sys for Apache HTTP Server User Name SQL Injection
6439| [9692] Apache HTTP Server mod_vhost_alias Mass Virtual Hosting Arbitrary File Access
6440| [9691] Apache HTTP Server mod_rewrite Mass Virtual Hosting Arbitrary File Access
6441| [9690] Apache HTTP Server mod_vhost_alias CGI Program Source Disclosure
6442| [9689] Trustix httpsd for Apache-SSL Permission Weakness Privilege Escalation
6443| [9688] Apache HTTP Server mod_proxy Malformed FTP Command DoS
6444| [9687] Apache::AuthenSmb smbval SMB Authentication Library Multiple Overflows
6445| [9686] Apache::AuthenSmb smbvalid SMB Authentication Library Multiple Overflows
6446| [9523] Apache HTTP Server mod_ssl Aborted Connection DoS
6447| [9459] Oracle PL/SQL (mod_plsql) Apache Module Help Page Request Remote Overflow
6448| [9208] Apache Tomcat .jsp Encoded Newline XSS
6449| [9204] Apache Tomcat ROOT Application XSS
6450| [9203] Apache Tomcat examples Application XSS
6451| [9068] Apache HTTP Server mod_userdir User Account Information Disclosure
6452| [8773] Apache Tomcat Catalina org.apache.catalina.servlets.DefaultServlet Source Code Disclosure
6453| [8772] Apache Tomcat Catalina org.apache.catalina.connector.http DoS
6454| [7943] Apache HTTP Server mod_ssl sslkeys File Disclosure
6455| [7942] Apache HTTP Server mod_ssl Default Pass Phrase
6456| [7941] Apache HTTP Server mod_ssl Encrypted Private Key File Descriptor Leak
6457| [7935] Apache HTTP Server mod_ssl ssl_gcache Race Conditions
6458| [7934] Apache HTTP Server mod_ssl SSLSessionCache File Content Disclosure
6459| [7933] Apache HTTP Server mod_ssl SSLMutex File Content Disclosure
6460| [7932] Apache HTTP Server mod_ssl mkcert.sh File Creation Permission Weakness
6461| [7931] Apache HTTP Server mod_ssl X.509 Client Certificate Authentication Bypass
6462| [7930] Apache HTTP Server mod_ssl ssl_expr_eval_func_file() Overflow
6463| [7929] Apache HTTP Server mod_ssl ssl_engine_log.c mod_proxy Hook Function Remote Format String
6464| [7611] Apache HTTP Server mod_alias Local Overflow
6465| [7394] Apache Tomcat mod_jk Invalid Transfer-Encoding Chunked Field DoS
6466| [7203] Apache Tomcat source.jsp Traversal Arbitrary File Access
6467| [7039] Apache HTTP Server on Mac OS X HFS+ File System Access Bypass
6468| [6882] Apache mod_python Malformed Query String Variant DoS
6469| [6839] Apache HTTP Server mod_proxy Content-Length Overflow
6470| [6630] Apache Tomcat Java Server Pages (JSP) Engine WPrinterJob() DoS
6471| [6472] Apache HTTP Server mod_ssl ssl_util_uuencode_binary Remote Overflow
6472| [5821] Apache HTTP Server Multiple / GET Remote Overflow DoS
6473| [5580] Apache Tomcat Servlet Malformed URL JSP Source Disclosure
6474| [5552] Apache HTTP Server split-logfile Arbitrary .log File Overwrite
6475| [5526] Apache Tomcat Long .JSP URI Path Disclosure
6476| [5278] Apache Tomcat web.xml Restriction Bypass
6477| [5051] Apache Tomcat Null Character DoS
6478| [4973] Apache Tomcat servlet Mapping XSS
6479| [4650] mod_gzip for Apache HTTP Server Debug Mode Printf Stack Overflow
6480| [4649] mod_gzip for Apache HTTP Server Debug Mode Format String Overflow
6481| [4648] mod_gzip for Apache HTTP Server Debug Mode Race Condition
6482| [4568] mod_survey For Apache ENV Tags SQL Injection
6483| [4553] Apache HTTP Server ApacheBench Overflow DoS
6484| [4552] Apache HTTP Server Shared Memory Scoreboard DoS
6485| [4446] Apache HTTP Server mod_disk_cache Stores Credentials
6486| [4383] Apache HTTP Server Socket Race Condition DoS
6487| [4382] Apache HTTP Server Log Entry Terminal Escape Sequence Injection
6488| [4340] Apache Portable Runtime (APR) apr_psprintf DoS
6489| [4232] Apache Cocoon DatabaseAuthenticatorAction SQL Injection
6490| [4231] Apache Cocoon Error Page Server Path Disclosure
6491| [4182] Apache HTTP Server mod_ssl Plain HTTP Request DoS
6492| [4181] Apache HTTP Server mod_access IP Address Netmask Rule Bypass
6493| [4075] Apache HTTP Sever on Windows .var File Request Path Disclosure
6494| [4037] Apache HTTP Server on Cygwin Encoded GET Request Arbitrary File Access
6495| [3877] Apache-SSL SSLVerifyClient SSLFakeBasicAuth Client Certificate Forgery
6496| [3819] Apache HTTP Server mod_digest Cross Realm Credential Replay
6497| [3322] mod_php for Apache HTTP Server Process Hijack
6498| [3215] mod_php for Apache HTTP Server File Descriptor Leakage
6499| [2885] Apache mod_python Malformed Query String DoS
6500| [2749] Apache Cocoon view-source Sample File Traversal Arbitrary File Access
6501| [2733] Apache HTTP Server mod_rewrite Local Overflow
6502| [2672] Apache HTTP Server mod_ssl SSLCipherSuite Ciphersuite Downgrade Weakness
6503| [2613] Apache HTTP Server mod_cgi stderr Output Handling Local DoS
6504| [2149] Apache::Gallery Privilege Escalation
6505| [2107] Apache HTTP Server mod_ssl Host: Header XSS
6506| [1926] Apache HTTP Server mod_rewrite Crafted URI Rule Bypass
6507| [1833] Apache HTTP Server Multiple Slash GET Request DoS
6508| [1577] Apache HTTP Server mod_rewrite RewriteRule Expansion Arbitrary File Access
6509| [872] Apache Tomcat Multiple Default Accounts
6510| [862] Apache HTTP Server SSI Error Page XSS
6511| [859] Apache HTTP Server Win32 Crafted Traversal Arbitrary File Access
6512| [849] Apache Tomcat TroubleShooter Servlet Information Disclosure
6513| [845] Apache Tomcat MSDOS Device XSS
6514| [844] Apache Tomcat Java Servlet Error Page XSS
6515| [842] Apache HTTP Server mod_ssl ssl_compat_directive Function Overflow
6516| [838] Apache HTTP Server Chunked Encoding Remote Overflow
6517| [827] PHP4 for Apache on Windows php.exe Malformed Request Path Disclosure
6518| [775] Apache mod_python Module Importing Privilege Function Execution
6519| [769] Apache HTTP Server Win32 DOS Batch File Arbitrary Command Execution
6520| [756] Apache HTTP Server mod_ssl i2d_SSL_SESSION Function SSL Client Certificate Overflow
6521| [701] Apache HTTP Server Win32 ScriptAlias php.exe Arbitrary File Access
6522| [674] Apache Tomcat Nonexistent File Error Message Path Disclosure
6523| [637] Apache HTTP Server UserDir Directive Username Enumeration
6524| [623] mod_auth_pgsql for Apache HTTP Server User Name SQL Injection
6525| [582] Apache HTTP Server Multiviews Feature Arbitrary Directory Listing
6526| [562] Apache HTTP Server mod_info /server-info Information Disclosure
6527| [561] Apache Web Servers mod_status /server-status Information Disclosure
6528| [417] Apache HTTP Server on SuSE Linux /doc/packages Remote Information Disclosure
6529| [410] mod_perl for Apache HTTP Server /perl/ Directory Listing
6530| [404] Apache HTTP Server on SuSE Linux WebDAV PROPFIND Arbitrary Directory Listing
6531| [402] Apache HTTP Server on SuSE Linux cgi-bin-sdb Request Script Source Disclosure
6532| [379] Apache ASP module Apache::ASP source.asp Example File Arbitrary File Creation
6533| [377] Apache Tomcat Snoop Servlet Remote Information Disclosure
6534| [376] Apache Tomcat contextAdmin Arbitrary File Access
6535| [342] Apache HTTP Server for Windows Multiple Forward Slash Directory Listing
6536| [222] Apache HTTP Server test-cgi Arbitrary File Access
6537| [143] Apache HTTP Server printenv.pl Multiple Method CGI XSS
6538| [48] Apache HTTP Server on Debian /usr/doc Directory Information Disclosure
6539|_
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose
Running (JUST GUESSING): Microsoft Windows 2008|Vista (91%)
OS CPE: cpe:/o:microsoft:windows_server_2008:r2:sp1 cpe:/o:microsoft:windows_vista
Aggressive OS guesses: Microsoft Windows Server 2008 R2 SP1 (91%), Microsoft Windows Server 2008 R2 (87%), Microsoft Windows Vista (85%)
No exact OS matches for host (test conditions non-ideal).
Uptime guess: 92.661 days (since Wed Jul 24 05:15:44 2019)
Network Distance: 22 hops
TCP Sequence Prediction: Difficulty=264 (Good luck!)
IP ID Sequence Generation: Randomized

TRACEROUTE (using port 80/tcp)
HOP RTT ADDRESS
1 201.48 ms 10.253.204.1
2 764.72 ms 45.131.5.2
3 307.64 ms 109.236.95.230
4 307.69 ms 109.236.95.167
5 307.71 ms adm-b1-link.telia.net (213.248.99.194)
6 415.11 ms adm-bb4-link.telia.net (62.115.137.64)
7 415.20 ms ldn-bb4-link.telia.net (62.115.134.27)
8 307.76 ms nyk-bb3-link.telia.net (62.115.112.244)
9 415.24 ms ldn-bb3-link.telia.net (213.155.136.98)
10 415.25 ms softbank-ic-323269-sjo-b21.c.telia.net (213.248.88.78)
11 ... 19
20 354.09 ms 219.101.222.14
21 486.48 ms nlmfgate.nikkeikin.co.jp (219.101.223.131)
22 331.43 ms www1.nikkei-buturyu.co.jp (219.101.223.158)

NSE: Script Post-scanning.
Initiating NSE at 21:07
Completed NSE at 21:07, 0.00s elapsed
Initiating NSE at 21:07
Completed NSE at 21:07, 0.00s elapsed
6573######################################################################################################################################
6574------------------------------------------------------------------------------------------------------------------------
6575
6576[ ! ] Starting SCANNER INURLBR 2.1 at [24-10-2019 21:08:31]
6577[ ! ] legal disclaimer: Usage of INURLBR for attacking targets without prior mutual consent is illegal.
6578It is the end user's responsibility to obey all applicable local, state and federal laws.
6579Developers assume no liability and are not responsible for any misuse or damage caused by this program
6580
6581[ INFO ][ OUTPUT FILE ]:: [ /usr/share/sniper/loot/workspace/www.nikkei-buturyu.co.jp/output/inurlbr-www.nikkei-buturyu.co.jp ]
6582[ INFO ][ DORK ]::[ site:www.nikkei-buturyu.co.jp ]
6583[ INFO ][ SEARCHING ]:: {
6584[ INFO ][ ENGINE ]::[ GOOGLE - www.google.de ]
6585
6586[ INFO ][ SEARCHING ]::
6587-[:::]
6588[ INFO ][ ENGINE ]::[ GOOGLE API ]
6589
6590[ INFO ][ SEARCHING ]::
6591-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]
6592[ INFO ][ ENGINE ]::[ GOOGLE_GENERIC_RANDOM - www.google.com.ec ID: 012347377894689429761:wgkj5jn9ee4 ]
6593
6594[ INFO ][ SEARCHING ]::
6595-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]
6596
6597[ INFO ][ TOTAL FOUND VALUES ]:: [ 54 ]
6598
6599
6600 _[ - ]::--------------------------------------------------------------------------------------------------------------
6601|_[ + ] [ 0 / 54 ]-[21:08:52] [ - ]
6602|_[ + ] Target:: [ https://www.nikkei-buturyu.co.jp/ ]
6603|_[ + ] Exploit::
6604|_[ + ] Information Server:: , , IP:219.101.223.158:443
6605|_[ + ] More details:: / - / , ISP:
6606|_[ + ] Found:: UNIDENTIFIED
6607
6608 _[ - ]::--------------------------------------------------------------------------------------------------------------
6609|_[ + ] [ 1 / 54 ]-[21:08:54] [ - ]
6610|_[ + ] Target:: [ https://www.nikkei-buturyu.co.jp/grouplink/ ]
6611|_[ + ] Exploit::
6612|_[ + ] Information Server:: , , IP:219.101.223.158:443
6613|_[ + ] More details:: / - / , ISP:
6614|_[ + ] Found:: UNIDENTIFIED
6615
6616 _[ - ]::--------------------------------------------------------------------------------------------------------------
6617|_[ + ] [ 2 / 54 ]-[21:08:56] [ - ]
6618|_[ + ] Target:: [ https://www.nikkei-buturyu.co.jp/prospectus/ ]
6619|_[ + ] Exploit::
6620|_[ + ] Information Server:: , , IP:219.101.223.158:443
6621|_[ + ] More details:: / - / , ISP:
6622|_[ + ] Found:: UNIDENTIFIED
6623
6624 _[ - ]::--------------------------------------------------------------------------------------------------------------
6625|_[ + ] [ 3 / 54 ]-[21:08:58] [ - ]
6626|_[ + ] Target:: [ https://www.nikkei-buturyu.co.jp/about/ ]
6627|_[ + ] Exploit::
6628|_[ + ] Information Server:: , , IP:219.101.223.158:443
6629|_[ + ] More details:: / - / , ISP:
6630|_[ + ] Found:: UNIDENTIFIED
6631
6632 _[ - ]::--------------------------------------------------------------------------------------------------------------
6633|_[ + ] [ 4 / 54 ]-[21:09:00] [ - ]
6634|_[ + ] Target:: [ http://www.nikkei-buturyu.co.jp/recruitment/ ]
6635|_[ + ] Exploit::
6636|_[ + ] Information Server:: HTTP/1.1 302 Found, Server: Apache , IP:219.101.223.158:80
6637|_[ + ] More details:: / - / , ISP:
6638|_[ + ] Found:: UNIDENTIFIED
6639
6640 _[ - ]::--------------------------------------------------------------------------------------------------------------
6641|_[ + ] [ 5 / 54 ]-[21:09:02] [ - ]
6642|_[ + ] Target:: [ https://www.nikkei-buturyu.co.jp/contact/ ]
6643|_[ + ] Exploit::
6644|_[ + ] Information Server:: , , IP:219.101.223.158:443
6645|_[ + ] More details:: / - / , ISP:
6646|_[ + ] Found:: UNIDENTIFIED
6647
6648 _[ - ]::--------------------------------------------------------------------------------------------------------------
6649|_[ + ] [ 6 / 54 ]-[21:09:04] [ - ]
6650|_[ + ] Target:: [ https://www.nikkei-buturyu.co.jp/policy.html ]
6651|_[ + ] Exploit::
6652|_[ + ] Information Server:: , , IP:219.101.223.158:443
6653|_[ + ] More details:: / - / , ISP:
6654|_[ + ] Found:: UNIDENTIFIED
6655
6656 _[ - ]::--------------------------------------------------------------------------------------------------------------
6657|_[ + ] [ 7 / 54 ]-[21:09:06] [ - ]
6658|_[ + ] Target:: [ https://www.nikkei-buturyu.co.jp/privacy.html ]
6659|_[ + ] Exploit::
6660|_[ + ] Information Server:: , , IP:219.101.223.158:443
6661|_[ + ] More details:: / - / , ISP:
6662|_[ + ] Found:: UNIDENTIFIED
6663
6664 _[ - ]::--------------------------------------------------------------------------------------------------------------
6665|_[ + ] [ 8 / 54 ]-[21:09:08] [ - ]
6666|_[ + ] Target:: [ https://www.nikkei-buturyu.co.jp/sitemap.html ]
6667|_[ + ] Exploit::
6668|_[ + ] Information Server:: , , IP:219.101.223.158:443
6669|_[ + ] More details:: / - / , ISP:
6670|_[ + ] Found:: UNIDENTIFIED
6671
6672 _[ - ]::--------------------------------------------------------------------------------------------------------------
6673|_[ + ] [ 9 / 54 ]-[21:09:10] [ - ]
6674|_[ + ] Target:: [ https://www.nikkei-buturyu.co.jp/recruitment/senior.html ]
6675|_[ + ] Exploit::
6676|_[ + ] Information Server:: , , IP:219.101.223.158:443
6677|_[ + ] More details:: / - / , ISP:
6678|_[ + ] Found:: UNIDENTIFIED
6679
6680 _[ - ]::--------------------------------------------------------------------------------------------------------------
6681|_[ + ] [ 10 / 54 ]-[21:09:12] [ - ]
6682|_[ + ] Target:: [ http://www.nikkei-buturyu.co.jp/environment/nlc.pdf ]
6683|_[ + ] Exploit::
6684|_[ + ] Information Server:: HTTP/1.1 302 Found, Server: Apache , IP:219.101.223.158:80
6685|_[ + ] More details:: / - / , ISP:
6686|_[ + ] Found:: UNIDENTIFIED
[ INFO ] [ Shutting down ]
[ INFO ] [ End of process INURLBR at [24-10-2019 21:10:38]
[ INFO ] [ TOTAL FILTERED VALUES ]:: [ 0 ]
[ INFO ] [ OUTPUT FILE ]:: [ /usr/share/sniper/loot/workspace/www.nikkei-buturyu.co.jp/output/inurlbr-www.nikkei-buturyu.co.jp ]
|_________________________________________________________________________________________

\_________________________________________________________________________________________/
######################################################################################################################################
-buturyu.co.jp-port443: Aucun fichier ou dossier de ce type
Starting Nmap 7.80 ( https://nmap.org ) at 2019-10-24 21:10 EDT
NSE: Loaded 163 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 21:10
Completed NSE at 21:10, 0.00s elapsed
Initiating NSE at 21:10
Completed NSE at 21:10, 0.00s elapsed
Initiating Parallel DNS resolution of 1 host. at 21:10
Completed Parallel DNS resolution of 1 host. at 21:10, 0.02s elapsed
Initiating SYN Stealth Scan at 21:10
Scanning www.nikkei-buturyu.co.jp (219.101.223.158) [1 port]
Discovered open port 443/tcp on 219.101.223.158
Completed SYN Stealth Scan at 21:10, 0.37s elapsed (1 total ports)
Initiating Service scan at 21:10
Scanning 1 service on www.nikkei-buturyu.co.jp (219.101.223.158)
Completed Service scan at 21:11, 14.72s elapsed (1 service on 1 host)
Initiating OS detection (try #1) against www.nikkei-buturyu.co.jp (219.101.223.158)
Retrying OS detection (try #2) against www.nikkei-buturyu.co.jp (219.101.223.158)
Initiating Traceroute at 21:11
Completed Traceroute at 21:11, 3.46s elapsed
Initiating Parallel DNS resolution of 13 hosts. at 21:11
Completed Parallel DNS resolution of 13 hosts. at 21:11, 0.44s elapsed
NSE: Script scanning 219.101.223.158.
Initiating NSE at 21:11
Completed NSE at 21:18, 398.19s elapsed
Initiating NSE at 21:18
Completed NSE at 21:18, 4.26s elapsed
Nmap scan report for www.nikkei-buturyu.co.jp (219.101.223.158)
Host is up (0.43s latency).
rDNS record for 219.101.223.158: www1.nikkei-buturyu.co.jp

PORT STATE SERVICE VERSION
443/tcp open ssl/https?
|_http-aspnet-debug: ERROR: Script execution failed (use -d to debug)
| http-brute:
|_ Path "/" does not require authentication
|_http-chrono: Request times for /; avg: 9448.24ms; min: 9309.62ms; max: 9626.34ms
|_http-csrf: Couldn't find any CSRF vulnerabilities.
|_http-devframework: Couldn't determine the underlying framework or CMS. Try increasing 'httpspider.maxpagecount' value to spider more pages.
|_http-dombased-xss: Couldn't find any DOM based XSS.
|_http-drupal-enum: Nothing found amongst the top 100 resources,use --script-args number=<number|all> for deeper analysis)
|_http-errors: ERROR: Script execution failed (use -d to debug)
|_http-feed: Couldn't find any feeds.
|_http-fetch: Please enter the complete path of the directory to save data in.
|_http-jsonp-detection: Couldn't find any JSONP endpoints.
|_http-mobileversion-checker: No mobile version detected.
| http-security-headers:
| Strict_Transport_Security:
|_ HSTS not configured in HTTPS Server
| http-sitemap-generator:
| Directory structure:
| Longest directory structure:
| Depth: 0
| Dir: /
| Total files found (by extension):
|_
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
| http-vhosts:
|_127 names had status ERROR
|_http-vuln-cve2014-3704: ERROR: Script execution failed (use -d to debug)
|_http-wordpress-enum: Nothing found amongst the top 100 resources,use --script-args search-limit=<number|all> for deeper analysis)
|_http-wordpress-users: [Error] Wordpress installation was not found. We couldn't find wp-login.php
|_http-xssed: No previously reported XSS vuln.
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose
Running (JUST GUESSING): Microsoft Windows 7|2008|8.1|Vista (91%)
OS CPE: cpe:/o:microsoft:windows_7 cpe:/o:microsoft:windows_server_2008 cpe:/o:microsoft:windows_8.1 cpe:/o:microsoft:windows_vista::sp1:home_premium cpe:/o:microsoft:windows_8
Aggressive OS guesses: Microsoft Windows 7 SP1 or Windows Server 2008 (91%), Microsoft Windows 7 Ultimate (91%), Microsoft Windows 8.1 (91%), Microsoft Windows 8.1 Update 1 (91%), Microsoft Windows 7 SP1 (91%), Microsoft Windows 7 SP1 or Windows Server 2008 SP2 (91%), Microsoft Windows Windows 7 SP1 (91%), Microsoft Windows Vista Home Premium SP1, Windows 7, or Windows Server 2008 (91%), Microsoft Windows Vista SP1 (91%), Microsoft Windows 8.1 Enterprise (88%)
No exact OS matches for host (test conditions non-ideal).
Uptime guess: 92.668 days (since Wed Jul 24 05:15:44 2019)
Network Distance: 22 hops
TCP Sequence Prediction: Difficulty=258 (Good luck!)
IP ID Sequence Generation: Busy server or unknown class

TRACEROUTE (using port 443/tcp)
HOP RTT ADDRESS
1 248.49 ms 10.253.204.1
2 348.43 ms 45.131.5.3
3 348.40 ms 109.236.95.226
4 348.46 ms 109.236.95.106
5 348.49 ms adm-b3-link.telia.net (213.248.92.236)
6 449.05 ms adm-bb4-link.telia.net (62.115.115.168)
7 449.05 ms ldn-bb3-link.telia.net (62.115.113.211)
8 449.04 ms nyk-bb4-link.telia.net (62.115.113.20)
9 449.10 ms sjo-b21-link.telia.net (62.115.119.229)
10 449.06 ms softbank-ic-323269-sjo-b21.c.telia.net (213.248.88.78)
11 ... 19
20 375.05 ms 219.101.222.14
21 557.37 ms nlmfgate.nikkeikin.co.jp (219.101.223.131)
22 480.38 ms www1.nikkei-buturyu.co.jp (219.101.223.158)

NSE: Script Post-scanning.
Initiating NSE at 21:18
Completed NSE at 21:18, 0.00s elapsed
Initiating NSE at 21:18
Completed NSE at 21:18, 0.00s elapsed
######################################################################################################################################
Version: 1.11.13-static
OpenSSL 1.0.2-chacha (1.0.2g-dev)

Connected to 219.101.223.158

Testing SSL server www.nikkei-buturyu.co.jp on port 443 using SNI name www.nikkei-buturyu.co.jp

 TLS Fallback SCSV:
Server only supports TLSv1.0

 TLS renegotiation:
Secure session renegotiation supported

 TLS Compression:
Compression enabled (CRIME)

 Heartbleed:
TLS 1.2 not vulnerable to heartbleed
TLS 1.1 not vulnerable to heartbleed
TLS 1.0 not vulnerable to heartbleed

 Supported Server Cipher(s):
Preferred TLSv1.0 256 bits DHE-RSA-AES256-SHA DHE 1024 bits
Accepted TLSv1.0 256 bits AES256-SHA
Accepted TLSv1.0 128 bits DHE-RSA-AES128-SHA DHE 1024 bits
Accepted TLSv1.0 128 bits AES128-SHA
Accepted TLSv1.0 128 bits RC4-SHA
Accepted TLSv1.0 128 bits RC4-MD5
Accepted TLSv1.0 112 bits EDH-RSA-DES-CBC3-SHA DHE 1024 bits
Accepted TLSv1.0 112 bits DES-CBC3-SHA
Accepted TLSv1.0 56 bits EDH-RSA-DES-CBC-SHA DHE 1024 bits
Accepted TLSv1.0 56 bits DES-CBC-SHA
Accepted TLSv1.0 40 bits EXP-EDH-RSA-DES-CBC-SHA DHE 512 bits
Accepted TLSv1.0 40 bits EXP-DES-CBC-SHA RSA 512 bits
Accepted TLSv1.0 40 bits EXP-RC2-CBC-MD5 RSA 512 bits
Accepted TLSv1.0 40 bits EXP-RC4-MD5 RSA 512 bits
Preferred SSLv3 256 bits DHE-RSA-AES256-SHA DHE 1024 bits
Accepted SSLv3 256 bits AES256-SHA
Accepted SSLv3 128 bits DHE-RSA-AES128-SHA DHE 1024 bits
Accepted SSLv3 128 bits AES128-SHA
Accepted SSLv3 128 bits RC4-SHA
Accepted SSLv3 128 bits RC4-MD5
Accepted SSLv3 112 bits EDH-RSA-DES-CBC3-SHA DHE 1024 bits
Accepted SSLv3 112 bits DES-CBC3-SHA
Accepted SSLv3 56 bits EDH-RSA-DES-CBC-SHA DHE 1024 bits
Accepted SSLv3 56 bits DES-CBC-SHA
Accepted SSLv3 40 bits EXP-EDH-RSA-DES-CBC-SHA DHE 512 bits
Accepted SSLv3 40 bits EXP-DES-CBC-SHA RSA 512 bits
Accepted SSLv3 40 bits EXP-RC2-CBC-MD5 RSA 512 bits
Accepted SSLv3 40 bits EXP-RC4-MD5 RSA 512 bits
Preferred SSLv2 128 bits RC2-CBC-MD5
Accepted SSLv2 128 bits RC4-MD5
Accepted SSLv2 112 bits DES-CBC3-MD5
Accepted SSLv2 56 bits DES-CBC-MD5
Accepted SSLv2 40 bits EXP-RC2-CBC-MD5
Accepted SSLv2 40 bits EXP-RC4-MD5

 SSL Certificate:
Signature Algorithm: sha256WithRSAEncryption
RSA Key Strength: 2048

Subject: www.nikkeikin.co.jp
Altnames: DNS:www.nikkeikin.co.jp, DNS:www.nikkeikin.com, DNS:cn.nikkeikin.com, DNS:www.nikkeikinholdings.co.jp, DNS:www.nikkeikinholdings.com, DNS:cn.nikkeikinholdings.com, DNS:www.arumi-reinetsu.co.jp, DNS:www.excad.jp, DNS:www.nikkei-buturyu.co.jp, DNS:www.nikkei-metal.co.jp, DNS:www.nlm-ecal.co.jp, DNS:www.nlmna.com, DNS:www.shisaku.com, DNS:www.toyal.co.jp, DNS:www.fruehauf.co.jp, DNS:www.rikenkeikinzoku.co.jp, DNS:www.nikkeisangyo.co.jp, DNS:www.nfh-partssales.jp, DNS:nikkeikin.co.jp
Issuer: GlobalSign RSA OV SSL CA 2018

Not valid before: Sep 1 23:56:04 2019 GMT
Not valid after: Jan 30 06:46:04 2020 GMT
######################################################################################################################################
------------------------------------------------------------------------------------------------------------------------

[ ! ] Starting SCANNER INURLBR 2.1 at [24-10-2019 21:20:06]
[ ! ] legal disclaimer: Usage of INURLBR for attacking targets without prior mutual consent is illegal.
It is the end user's responsibility to obey all applicable local, state and federal laws.
Developers assume no liability and are not responsible for any misuse or damage caused by this program

[ INFO ][ OUTPUT FILE ]:: [ /usr/share/sniper/loot/workspace/www.nikkei-buturyu.co.jp/output/inurlbr-www.nikkei-buturyu.co.jp ]
[ INFO ][ DORK ]::[ site:www.nikkei-buturyu.co.jp ]
[ INFO ][ SEARCHING ]:: {
[ INFO ][ ENGINE ]::[ GOOGLE - www.google.sm ]

[ INFO ][ SEARCHING ]::
-[:::]
[ INFO ][ ENGINE ]::[ GOOGLE API ]

[ INFO ][ SEARCHING ]::
-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]
[ INFO ][ ENGINE ]::[ GOOGLE_GENERIC_RANDOM - www.google.com.mx ID: 006748068166572874491:55ez0c3j3ey ]

[ INFO ][ SEARCHING ]::
-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]

[ INFO ][ TOTAL FOUND VALUES ]:: [ 54 ]


7232 _[ - ]::--------------------------------------------------------------------------------------------------------------
7233|_[ + ] [ 0 / 54 ]-[21:20:27] [ - ]
7234|_[ + ] Target:: [ https://www.nikkei-buturyu.co.jp/ ]
7235|_[ + ] Exploit::
7236|_[ + ] Information Server:: , , IP:219.101.223.158:443
7237|_[ + ] More details:: / - / , ISP:
7238|_[ + ] Found:: UNIDENTIFIED
7239
7240 _[ - ]::--------------------------------------------------------------------------------------------------------------
7241|_[ + ] [ 1 / 54 ]-[21:20:29] [ - ]
7242|_[ + ] Target:: [ https://www.nikkei-buturyu.co.jp/grouplink/ ]
7243|_[ + ] Exploit::
7244|_[ + ] Information Server:: , , IP:219.101.223.158:443
7245|_[ + ] More details:: / - / , ISP:
7246|_[ + ] Found:: UNIDENTIFIED
7247
7248 _[ - ]::--------------------------------------------------------------------------------------------------------------
7249|_[ + ] [ 2 / 54 ]-[21:20:31] [ - ]
7250|_[ + ] Target:: [ https://www.nikkei-buturyu.co.jp/prospectus/ ]
7251|_[ + ] Exploit::
7252|_[ + ] Information Server:: , , IP:219.101.223.158:443
7253|_[ + ] More details:: / - / , ISP:
7254|_[ + ] Found:: UNIDENTIFIED
7255
7256 _[ - ]::--------------------------------------------------------------------------------------------------------------
7257|_[ + ] [ 3 / 54 ]-[21:20:33] [ - ]
7258|_[ + ] Target:: [ https://www.nikkei-buturyu.co.jp/about/ ]
7259|_[ + ] Exploit::
7260|_[ + ] Information Server:: , , IP:219.101.223.158:443
7261|_[ + ] More details:: / - / , ISP:
7262|_[ + ] Found:: UNIDENTIFIED
7263
7264 _[ - ]::--------------------------------------------------------------------------------------------------------------
7265|_[ + ] [ 4 / 54 ]-[21:20:34] [ - ]
7266|_[ + ] Target:: [ http://www.nikkei-buturyu.co.jp/recruitment/ ]
7267|_[ + ] Exploit::
7268|_[ + ] Information Server:: HTTP/1.1 302 Found, Server: Apache , IP:219.101.223.158:80
7269|_[ + ] More details:: / - / , ISP:
7270|_[ + ] Found:: UNIDENTIFIED
7271
7272 _[ - ]::--------------------------------------------------------------------------------------------------------------
7273|_[ + ] [ 5 / 54 ]-[21:20:37] [ - ]
7274|_[ + ] Target:: [ https://www.nikkei-buturyu.co.jp/contact/ ]
7275|_[ + ] Exploit::
7276|_[ + ] Information Server:: , , IP:219.101.223.158:443
7277|_[ + ] More details:: / - / , ISP:
7278|_[ + ] Found:: UNIDENTIFIED
7279
7280 _[ - ]::--------------------------------------------------------------------------------------------------------------
7281|_[ + ] [ 6 / 54 ]-[21:20:39] [ - ]
7282|_[ + ] Target:: [ https://www.nikkei-buturyu.co.jp/policy.html ]
7283|_[ + ] Exploit::
7284|_[ + ] Information Server:: , , IP:219.101.223.158:443
7285|_[ + ] More details:: / - / , ISP:
7286|_[ + ] Found:: UNIDENTIFIED
7287
7288 _[ - ]::--------------------------------------------------------------------------------------------------------------
7289|_[ + ] [ 7 / 54 ]-[21:20:41] [ - ]
|_[ + ] Target:: [ https://www.nikkei-buturyu.co.jp/privacy.html ]
|_[ + ] Exploit::
|_[ + ] Information Server:: , , IP:219.101.223.158:443
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 8 / 54 ]-[21:20:43] [ - ]
|_[ + ] Target:: [ https://www.nikkei-buturyu.co.jp/sitemap.html ]
|_[ + ] Exploit::
|_[ + ] Information Server:: , , IP:219.101.223.158:443
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 9 / 54 ]-[21:20:45] [ - ]
|_[ + ] Target:: [ https://www.nikkei-buturyu.co.jp/recruitment/senior.html ]
|_[ + ] Exploit::
|_[ + ] Information Server:: , , IP:219.101.223.158:443
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 10 / 54 ]-[21:20:47] [ - ]
|_[ + ] Target:: [ http://www.nikkei-buturyu.co.jp/environment/nlc.pdf ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 302 Found, Server: Apache , IP:219.101.223.158:80
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 11 / 54 ]-[21:20:49] [ - ]
|_[ + ] Target:: [ http://www.nikkei-buturyu.co.jp/safety/safety.pdf ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 302 Found, Server: Apache , IP:219.101.223.158:80
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 12 / 54 ]-[21:20:51] [ - ]
|_[ + ] Target:: [ https://www.nikkei-buturyu.co.jp/about/branch.html ]
|_[ + ] Exploit::
|_[ + ] Information Server:: , , IP:219.101.223.158:443
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 13 / 54 ]-[21:20:53] [ - ]
|_[ + ] Target:: [ https://www.nikkei-buturyu.co.jp/about/about.html ]
|_[ + ] Exploit::
|_[ + ] Information Server:: , , IP:219.101.223.158:443
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 14 / 54 ]-[21:20:55] [ - ]
|_[ + ] Target:: [ https://www.nikkei-buturyu.co.jp/environment/index.html ]
|_[ + ] Exploit::
|_[ + ] Information Server:: , , IP:219.101.223.158:443
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 15 / 54 ]-[21:20:57] [ - ]
|_[ + ] Target:: [ http://www.nikkei-buturyu.co.jp/prospectus/system.html ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 302 Found, Server: Apache , IP:219.101.223.158:80
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 16 / 54 ]-[21:20:59] [ - ]
|_[ + ] Target:: [ https://www.nikkei-buturyu.co.jp/prospectus/suggest.html ]
|_[ + ] Exploit::
|_[ + ] Information Server:: , , IP:219.101.223.158:443
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 17 / 54 ]-[21:21:01] [ - ]
|_[ + ] Target:: [ http://www.nikkei-buturyu.co.jp/safety/index.html ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 302 Found, Server: Apache , IP:219.101.223.158:80
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 18 / 54 ]-[21:21:03] [ - ]
|_[ + ] Target:: [ https://www.nikkei-buturyu.co.jp/prospectus/pallete.html ]
|_[ + ] Exploit::
|_[ + ] Information Server:: , , IP:219.101.223.158:443
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 19 / 54 ]-[21:21:05] [ - ]
|_[ + ] Target:: [ https://www.nikkei-buturyu.co.jp/prospectus/international.html ]
|_[ + ] Exploit::
|_[ + ] Information Server:: , , IP:219.101.223.158:443
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 20 / 54 ]-[21:21:07] [ - ]
|_[ + ] Target:: [ https://www.nikkei-buturyu.co.jp/about/message.html ]
|_[ + ] Exploit::
|_[ + ] Information Server:: , , IP:219.101.223.158:443
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 21 / 54 ]-[21:21:09] [ - ]
|_[ + ] Target:: [ https://www.nikkei-buturyu.co.jp/prospectus/prospectus.html ]
|_[ + ] Exploit::
|_[ + ] Information Server:: , , IP:219.101.223.158:443
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 22 / 54 ]-[21:21:11] [ - ]
|_[ + ] Target:: [ https://www.nikkei-buturyu.co.jp/prospectus/special.html ]
|_[ + ] Exploit::
|_[ + ] Information Server:: , , IP:219.101.223.158:443
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 23 / 54 ]-[21:21:13] [ - ]
|_[ + ] Target:: [ https://www.nikkei-buturyu.co.jp/recruitment/career.html ]
|_[ + ] Exploit::
|_[ + ] Information Server:: , , IP:219.101.223.158:443
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 24 / 54 ]-[21:21:15] [ - ]
|_[ + ] Target:: [ http://www.nikkei-buturyu.co.jp/about/philosophy.html ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 302 Found, Server: Apache , IP:219.101.223.158:80
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 25 / 54 ]-[21:21:17] [ - ]
|_[ + ] Target:: [ https://www.nikkei-buturyu.co.jp/news/index.html ]
|_[ + ] Exploit::
|_[ + ] Information Server:: , , IP:219.101.223.158:443
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 26 / 54 ]-[21:21:19] [ - ]
|_[ + ] Target:: [ http://www.nikkei-buturyu.co.jp/recruitment/pdf/kyujinyamagatad.pdf ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 302 Found, Server: Apache , IP:219.101.223.158:80
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 27 / 54 ]-[21:21:21] [ - ]
|_[ + ] Target:: [ http://www.nikkei-buturyu.co.jp/recruitment/pdf/KYUJINHYOU.pdf ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 302 Found, Server: Apache , IP:219.101.223.158:80
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 28 / 54 ]-[21:21:23] [ - ]
|_[ + ] Target:: [ http://www.nikkei-buturyu.co.jp/recruitment/pdf/kyujinsanuki2.pdf ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 302 Found, Server: Apache , IP:219.101.223.158:80
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 29 / 54 ]-[21:21:25] [ - ]
|_[ + ] Target:: [ http://www.nikkei-buturyu.co.jp/recruitment/pdf/kyujinkoda.pdf ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 302 Found, Server: Apache , IP:219.101.223.158:80
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 30 / 54 ]-[21:21:27] [ - ]
|_[ + ] Target:: [ http://www.nikkei-buturyu.co.jp/recruitment/pdf/kyujinsoumu.pdf ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 302 Found, Server: Apache , IP:219.101.223.158:80
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 31 / 54 ]-[21:21:29] [ - ]
|_[ + ] Target:: [ http://www.nikkei-buturyu.co.jp/recruitment/pdf/kyujinyamagatas.pdf ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 302 Found, Server: Apache , IP:219.101.223.158:80
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 32 / 54 ]-[21:21:31] [ - ]
|_[ + ] Target:: [ http://www.nikkei-buturyu.co.jp/recruitment/new-employee.html ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 302 Found, Server: Apache , IP:219.101.223.158:80
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 33 / 54 ]-[21:21:33] [ - ]
|_[ + ] Target:: [ http://www.nikkei-buturyu.co.jp/recruitment/pdf/kyujinsapporo.pdf ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 302 Found, Server: Apache , IP:219.101.223.158:80
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 34 / 54 ]-[21:21:35] [ - ]
|_[ + ] Target:: [ http://www.nikkei-buturyu.co.jp/recruitment/pdf/unyumanejimento2017.pdf ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 302 Found, Server: Apache , IP:219.101.223.158:80
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 35 / 54 ]-[21:21:37] [ - ]
|_[ + ] Target:: [ http://www.nikkei-buturyu.co.jp/recruitment/pdf/kyujinkanbara.pdf ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 302 Found, Server: Apache , IP:219.101.223.158:80
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 36 / 54 ]-[21:21:39] [ - ]
|_[ + ] Target:: [ http://www.nikkei-buturyu.co.jp/recruitment/pdf/kyujinokayama.pdf ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 302 Found, Server: Apache , IP:219.101.223.158:80
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 37 / 54 ]-[21:21:41] [ - ]
|_[ + ] Target:: [ https://www.nikkei-buturyu.co.jp/recruitment/pdf/unyumanejimento2019.pdf ]
|_[ + ] Exploit::
|_[ + ] Information Server:: , , IP:219.101.223.158:443
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 38 / 54 ]-[21:21:43] [ - ]
|_[ + ] Target:: [ http://www.nikkei-buturyu.co.jp/recruitment/pdf/kyujinkaika.pdf ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 302 Found, Server: Apache , IP:219.101.223.158:80
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 39 / 54 ]-[21:21:45] [ - ]
|_[ + ] Target:: [ http://www.nikkei-buturyu.co.jp/recruitment/pdf/kyujinkannbara3.pdf ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 302 Found, Server: Apache , IP:219.101.223.158:80
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 40 / 54 ]-[21:21:47] [ - ]
|_[ + ] Target:: [ http://www.nikkei-buturyu.co.jp/recruitment/pdf/kyujineigyou.pdf ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 302 Found, Server: Apache , IP:219.101.223.158:80
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 41 / 54 ]-[21:21:49] [ - ]
|_[ + ] Target:: [ http://www.nikkei-buturyu.co.jp/recruitment/pdf/unyumanejimento2018.pdf ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 302 Found, Server: Apache , IP:219.101.223.158:80
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 42 / 54 ]-[21:21:51] [ - ]
|_[ + ] Target:: [ http://www.nikkei-buturyu.co.jp/recruitment/pdf/UNYUMANEJIMENTO2016.pdf ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 302 Found, Server: Apache , IP:219.101.223.158:80
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 43 / 54 ]-[21:21:53] [ - ]
|_[ + ] Target:: [ http://www.nikkei-buturyu.co.jp/news/pdf/sosikikaisei2018.pdf ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 302 Found, Server: Apache , IP:219.101.223.158:80
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 44 / 54 ]-[21:21:55] [ - ]
|_[ + ] Target:: [ http://www.nikkei-buturyu.co.jp/news/pdf/sosikihenkou201804.pdf ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 302 Found, Server: Apache , IP:219.101.223.158:80
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 45 / 54 ]-[21:21:57] [ - ]
|_[ + ] Target:: [ http://www.nikkei-buturyu.co.jp/recruitment/pdf/kankyohozen2016.pdf ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 302 Found, Server: Apache , IP:219.101.223.158:80
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 46 / 54 ]-[21:21:59] [ - ]
|_[ + ] Target:: [ http://www.nikkei-buturyu.co.jp/recruitment/pdf/kankyouhozen.pdf ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 302 Found, Server: Apache , IP:219.101.223.158:80
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 47 / 54 ]-[21:22:01] [ - ]
|_[ + ] Target:: [ http://www.nikkei-buturyu.co.jp/news/pdf/organization.pdf ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 302 Found, Server: Apache , IP:219.101.223.158:80
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 48 / 54 ]-[21:22:03] [ - ]
|_[ + ] Target:: [ https://www.nikkei-buturyu.co.jp/news/pdf/souritukinenaisatu.pdf ]
|_[ + ] Exploit::
|_[ + ] Information Server:: , , IP:219.101.223.158:443
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 49 / 54 ]-[21:22:05] [ - ]
|_[ + ] Target:: [ https://www.nikkei-buturyu.co.jp/news/2017/index.html ]
|_[ + ] Exploit::
|_[ + ] Information Server:: , , IP:219.101.223.158:443
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 50 / 54 ]-[21:22:07] [ - ]
|_[ + ] Target:: [ http://www.nikkei-buturyu.co.jp/news/2018/index.html ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 302 Found, Server: Apache , IP:219.101.223.158:80
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 51 / 54 ]-[21:22:09] [ - ]
|_[ + ] Target:: [ http://www.nikkei-buturyu.co.jp/news/2015/index.html ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 302 Found, Server: Apache , IP:219.101.223.158:80
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 52 / 54 ]-[21:22:11] [ - ]
|_[ + ] Target:: [ http://www.nikkei-buturyu.co.jp/news/pdf/sosikihenko.pdf ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 302 Found, Server: Apache , IP:219.101.223.158:80
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 53 / 54 ]-[21:22:13] [ - ]
|_[ + ] Target:: [ http://www.nikkei-buturyu.co.jp/recruitment/pdf/kankyouhozen2018.pdf ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 302 Found, Server: Apache , IP:219.101.223.158:80
|_[ + ] More details:: / - / , ISP:
|_[ + ] Found:: UNIDENTIFIED

[ INFO ] [ Shutting down ]
[ INFO ] [ End of process INURLBR at [24-10-2019 21:22:13]
[ INFO ] [ TOTAL FILTERED VALUES ]:: [ 0 ]
[ INFO ] [ OUTPUT FILE ]:: [ /usr/share/sniper/loot/workspace/www.nikkei-buturyu.co.jp/output/inurlbr-www.nikkei-buturyu.co.jp ]
|_________________________________________________________________________________________

\_________________________________________________________________________________________/
######################################################################################################################################
Hosts
=====

address          mac  name                       os_name  os_flavor  os_sp  purpose  info  comments
-------          ---  ----                       -------  ---------  -----  -------  ----  --------
219.101.223.158       www1.nikkei-buturyu.co.jp  Unknown                    device

Services
========

host             port  proto  name          state    info
----             ----  -----  ----          -----    ----
219.101.223.158  53    udp    domain        unknown
219.101.223.158  67    udp    dhcps         unknown
219.101.223.158  68    udp    dhcpc         unknown
219.101.223.158  69    udp    tftp          unknown
219.101.223.158  80    tcp    http          open
219.101.223.158  88    udp    kerberos-sec  unknown
219.101.223.158  123   udp    ntp           unknown
219.101.223.158  139   udp    netbios-ssn   unknown
219.101.223.158  161   udp    snmp          unknown
219.101.223.158  162   udp    snmptrap      unknown
219.101.223.158  389   udp    ldap          unknown
219.101.223.158  443   tcp    https         open
219.101.223.158  500   udp    isakmp        unknown
219.101.223.158  520   udp    route         unknown
219.101.223.158  2049  udp    nfs           unknown
#######################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2019-10-24 19:46 EDT
Nmap scan report for www1.nikkei-buturyu.co.jp (219.101.223.158)
Host is up (0.34s latency).
Not shown: 995 filtered ports, 3 closed ports
Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
PORT    STATE SERVICE
80/tcp  open  http
443/tcp open  https

Nmap done: 1 IP address (1 host up) scanned in 21.81 seconds
######################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2019-10-24 19:46 EDT
Nmap scan report for www1.nikkei-buturyu.co.jp (219.101.223.158)
Host is up (0.24s latency).
Not shown: 2 filtered ports
PORT     STATE         SERVICE
53/udp   open|filtered domain
67/udp   open|filtered dhcps
68/udp   open|filtered dhcpc
69/udp   open|filtered tftp
88/udp   open|filtered kerberos-sec
123/udp  open|filtered ntp
139/udp  open|filtered netbios-ssn
161/udp  open|filtered snmp
162/udp  open|filtered snmptrap
389/udp  open|filtered ldap
500/udp  open|filtered isakmp
520/udp  open|filtered route
2049/udp open|filtered nfs

Nmap done: 1 IP address (1 host up) scanned in 5.37 seconds
######################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2019-10-24 19:47 EDT
NSE: Loaded 163 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 19:47
Completed NSE at 19:47, 0.00s elapsed
Initiating NSE at 19:47
Completed NSE at 19:47, 0.00s elapsed
Initiating Parallel DNS resolution of 1 host. at 19:47
Completed Parallel DNS resolution of 1 host. at 19:47, 0.02s elapsed
Initiating SYN Stealth Scan at 19:47
Scanning www1.nikkei-buturyu.co.jp (219.101.223.158) [1 port]
Discovered open port 80/tcp on 219.101.223.158
Completed SYN Stealth Scan at 19:47, 0.37s elapsed (1 total ports)
Initiating Service scan at 19:47
Scanning 1 service on www1.nikkei-buturyu.co.jp (219.101.223.158)
Completed Service scan at 19:47, 6.83s elapsed (1 service on 1 host)
Initiating OS detection (try #1) against www1.nikkei-buturyu.co.jp (219.101.223.158)
Retrying OS detection (try #2) against www1.nikkei-buturyu.co.jp (219.101.223.158)
Initiating Traceroute at 19:47
Completed Traceroute at 19:47, 3.37s elapsed
Initiating Parallel DNS resolution of 13 hosts. at 19:47
Completed Parallel DNS resolution of 13 hosts. at 19:47, 1.32s elapsed
NSE: Script scanning 219.101.223.158.
Initiating NSE at 19:47
NSE: [http-wordpress-enum 219.101.223.158:80] got no answers from pipelined queries
Completed NSE at 19:49, 93.39s elapsed
Initiating NSE at 19:49
Completed NSE at 19:49, 2.01s elapsed
Nmap scan report for www1.nikkei-buturyu.co.jp (219.101.223.158)
Host is up (0.42s latency).

PORT   STATE SERVICE VERSION
80/tcp open  http    Apache httpd
| http-brute:
|_ Path "/" does not require authentication
|_http-chrono: Request times for /; avg: 1196.08ms; min: 1171.07ms; max: 1225.56ms
|_http-csrf: Couldn't find any CSRF vulnerabilities.
|_http-date: Thu, 24 Oct 2019 23:49:00 GMT; +1m24s from local time.
|_http-devframework: Couldn't determine the underlying framework or CMS. Try increasing 'httpspider.maxpagecount' value to spider more pages.
|_http-dombased-xss: Couldn't find any DOM based XSS.
|_http-drupal-enum: Nothing found amongst the top 100 resources,use --script-args number=<number|all> for deeper analysis)
|_http-errors: Couldn't find any error pages.
|_http-feed: Couldn't find any feeds.
|_http-fetch: Please enter the complete path of the directory to save data in.
| http-headers:
| Date: Thu, 24 Oct 2019 23:49:09 GMT
| Server: Apache
| Location: https://www1.nikkei-buturyu.co.jp/
| Content-Length: 218
| Connection: close
| Content-Type: text/html; charset=iso-8859-1
|
|_ (Request type: GET)
|_http-jsonp-detection: Couldn't find any JSONP endpoints.
| http-methods:
|_ Supported Methods: GET HEAD POST OPTIONS
|_http-mobileversion-checker: No mobile version detected.
|_http-passwd: ERROR: Script execution failed (use -d to debug)
|_http-security-headers:
|_http-server-header: Apache
| http-sitemap-generator:
| Directory structure:
| Longest directory structure:
| Depth: 0
| Dir: /
| Total files found (by extension):
|_
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
|_http-title: Did not follow redirect to https://www1.nikkei-buturyu.co.jp/
| http-vhosts:
|_127 names had status 302
|_http-wordpress-users: [Error] Wordpress installation was not found. We couldn't find wp-login.php
|_http-xssed: No previously reported XSS vuln.
|_https-redirect: ERROR: Script execution failed (use -d to debug)
| vulscan: VulDB - https://vuldb.com:
7906| [134416] Apache Sanselan 0.97-incubator Loop denial of service
7907| [134415] Apache Sanselan 0.97-incubator Hang denial of service
7908| [134291] Apache Axis up to 1.7.8 Server-Side Request Forgery
7909| [134290] Apache UIMA DUCC up to 2.2.2 cross site scripting
7910| [134248] Apache Archiva up to 2.2.3 Artifact Upload directory traversal
7911| [134247] Apache Archiva up to 2.2.3 Artifact Upload directory traversal
| [134246] Apache Camel up to 2.19/2.21.3/2.22.2/2.23.0 directory traversal
| [134138] Apache Pluto 3.0.0/3.0.1 Chat Room Demo Portlet cross site scripting
| [133992] Apache Qpid Proton up to 0.27.0 Certificate Validation Man-in-the-Middle weak authentication
| [133977] Apache Zeppelin up to 0.7.x Stored cross site scripting
| [133976] Apache Zeppelin up to 0.7.x Cron Scheduler privilege escalation
| [133975] Apache Zeppelin up to 0.7.2 Session Fixation weak authentication
| [133444] Apache PDFbox 2.0.14 XML Parser XML External Entity
| [133573] Oracle FLEXCUBE Private Banking 2.0.0.0/2.2.0.1/12.0.1.0/12.0.3.0/12.1.0.0 Apache ActiveMQ unknown vulnerability
| [133407] Apache Tomcat up to 7.0.93/8.5.39/9.0.17 on Windows JRE Command Line Argument Code Execution
| [133315] Apache Airflow up to 1.10.2 HTTP Endpoint cross site request forgery
| [133314] Apache Airflow up to 1.10.2 Metadata Database cross site scripting
| [133290] Apache Tomcat up to 8.5.37/9.0.14 HTTP2 Stream Execution denial of service
| [133112] Apache HTTP Server up to 2.4.38 mod_auth_digest race condition privilege escalation
| [133111] Apache HTTP Server 2.4.37/2.4.38 mod_ssl Bypass privilege escalation
| [133092] Airsonic 10.2.1 org.apache.commons.lang.RandomStringUtils RecoverController.java java.util.Random weak authentication
| [132568] Apache JSPWiki up to 2.11.0.M2 URL User information disclosure
| [132567] Apache JSPWiki up to 2.11.0.M2 URL cross site scripting
| [132566] Apache ActiveMQ up to 5.15.8 MQTT Frame Memory denial of service
| [132565] Apache HBase up to 2.1.3 REST Server Request privilege escalation
| [132183] Apache Mesos up to pre-1.4.x Docker Image Code Execution
| [131988] Apache Karaf up to 4.2.2 kar Deployer directory traversal
| [131859] Apache Hadoop up to 2.9.1 privilege escalation
| [131479] Apache Solr up to 7.6 HTTP GET Request Server-Side Request Forgery
| [131446] Apache Solr up to 5.0.5/6.6.5 Config API HTTP POST Request Code Execution
| [131385] Apache Qpid Broker-J up to 6.x/7.0.6/7.1.0 AMQP Command Crash denial of service
| [131315] Apache Mesos up to pre-1.4.x Mesos Masters Rendering JSON Payload Recursion denial of service
| [131236] Apache Airflow up to 1.10.1 Metadata Database cross site scripting
| [130755] Apache JSPWiki up to 2.10.5 URL cross site scripting
| [130629] Apache Guacamole Cookie Flag weak encryption
| [130628] Apache Hadoop up to 3.0.0 HDFS information disclosure
| [130529] Apache Subversion 1.10.0/1.10.1/1.10.2/1.10.3/1.11.0 mod_dav_svn Directory Crash denial of service
| [130353] Apache Open Office up to 4.1.5 Document Loader String memory corruption
| [130341] Apache HTTP Server 2.4.37 mod_ssl Loop denial of service
| [130330] Apache HTTP Server up to 2.4.37 mod_session Expired privilege escalation
| [130329] Apache HTTP Server 2.4.37 mod_http2 Slowloris denial of service
| [130212] Apache Airflow up to 1.10.0 LDAP Auth Backend Certificate weak authentication
| [130123] Apache Airflow up to 1.8.2 information disclosure
| [130122] Apache Airflow up to 1.8.2 command injection cross site request forgery
| [130121] Apache Airflow up to 1.8.2 Webserver Object Code Execution
| [129717] Oracle Secure Global Desktop 5.4 Apache HTTP Server denial of service
| [129688] Oracle Tape Library ACSLS 8.4 Apache Log4j unknown vulnerability
| [129673] Oracle Retail Returns Management 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
| [129672] Oracle Retail Central Office 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
| [129671] Oracle Retail Back Office 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
| [129574] Oracle Outside In Technology 8.5.3/8.5.4 Apache Tomcat denial of service
| [129573] Oracle WebLogic Server 10.3.6.0 Apache HTTP Server denial of service
| [129563] Oracle Enterprise Repository 12.1.3.0.0 Apache Log4j unknown vulnerability
| [129555] Oracle Outside In Technology 8.5.3 Apache Batik denial of service
| [129551] Oracle Outside In Technology 8.5.3/8.5.4 Apache Commons FileUpload denial of service
| [129542] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
| [129538] Oracle SOA Suite 12.1.3.0.0/12.2.1.3.0 Apache Batik unknown vulnerability
| [129519] Oracle Enterprise Manager Ops Center 12.2.2/12.3.3 Apache ActiveMQ unknown vulnerability
| [129508] Oracle Applications Manager up to 12.2.8 Apache Derby unknown vulnerability
| [129507] Oracle Mobile Field Service up to 12.2.8 Apache Log4j unknown vulnerability
| [129505] Oracle Email Center up to 12.2.8 Apache Log4j unknown vulnerability
| [129504] Oracle CRM Technical Foundation up to 12.2.8 Apache Commons FileUpload unknown vulnerability
| [129499] Oracle Partner Management up to 12.2.8 Apache Log4j unknown vulnerability
| [129498] Oracle Marketing up to 12.2.8 Apache Commons FileUpload unknown vulnerability
| [129480] Oracle Communications WebRTC Session Controller up to 7.1 Apache Batik unknown vulnerability
| [129479] Oracle Communications Diameter Signaling Router up to 8.2 Apache Batik unknown vulnerability
| [129474] Oracle Communications Diameter Signaling Router up to 8.2 Apache HTTP Server information disclosure
| [129472] Oracle Communications WebRTC Session Controller up to 7.1 Apache Struts 1 unknown vulnerability
| [129470] Oracle Communications Converged Application Server up to 7.0.0.0 Apache Struts 1 unknown vulnerability
| [129463] Oracle Communications WebRTC Session Controller up to 7.1 Apache Log4j unknown vulnerability
| [129461] Oracle Communications Services Gatekeeper up to 6.1.0.3.x Apache Commons Collections Fileupload unknown vulnerability
| [129460] Oracle Communications Service Broker 6.0 Apache Log4j unknown vulnerability
| [129459] Oracle Communications Policy Management up to 12.4 Apache Struts 2 unknown vulnerability
| [129458] Oracle Communications Online Mediation Controller 6.1 Apache Log4j unknown vulnerability
| [129457] Oracle Communications Diameter Signaling Router up to 8.2 Apache Commons Fileupload unknown vulnerability
| [129456] Oracle Communications Converged Application Server 6.1 Apache Log4j unknown vulnerability
| [128714] Apache Thrift Java Client Library up to 0.11.0 SASL Negotiation org.apache.thrift.transport.TSaslTransport unknown vulnerability
| [128713] Apache Thrift Node.js Static Web Server up to 0.11.0 directory traversal
| [128709] Apache Karaf up to 4.1.6/4.2.1 Features Deployer XMLInputFactory XML External Entity
| [128575] Apache NetBeans 9.0 Proxy Auto-Config Code Execution
| [128369] Apache Tika 1.8-1.19.1 SQLite3Parser Loop sql injection
| [128111] Apache NiFi 1.8.0 Template Upload Man-in-the-Middle cross site request forgery
| [128110] Apache NiFi 1.8.0 Cluster Request privilege escalation
| [128109] Apache NiFi 1.8.0 Error Page message-page.jsp Request Header cross site scripting
| [128108] Apache NiFi up to 1.7.x X-Frame-Options Header privilege escalation
| [128102] Apache Oozie up to 5.0.0 Workflow XML Impersonation spoofing
| [127994] WordPress up to 5.0.0 on Apache httpd MIME Restriction cross site scripting
| [127981] Apache OFBiz 16.11.01/16.11.02/16.11.03/16.11.04 HTTP Engine httpService GET Request privilege escalation
| [127161] Apache Hadoop 2.7.4/2.7.5/2.7.6 Incomplete Fix CVE-2016-6811 privilege escalation
| [127040] Loadbalancer.org Enterprise VA MAX up to 8.3.2 Apache HTTP Server Log cross site scripting
| [127007] Apache Spark Request Code Execution
| [126791] Apache Hadoop up to 0.23.11/2.7.6/2.8.4/2.9.1/3.0.2 ZIP File unknown vulnerability
| [126767] Apache Qpid Proton-J Transport 0.3 Certificate Verification Man-in-the-Middle weak authentication
| [126896] Apache Commons FileUpload 1.3.3 on LDAP Manager DiskFileItem File privilege escalation
| [126574] Apache Hive up to 2.3.3/3.1.0 Query privilege escalation
| [126573] Apache Hive up to 2.3.3/3.1.0 HiveServer2 privilege escalation
| [126564] Apache Superset up to 0.22 Pickle Library load Code Execution
| [126488] Apache Syncope up to 2.0.10/2.1.1 BPMN Definition xxe privilege escalation
| [126487] Apache Syncope up to 2.0.10/2.1.1 cross site scripting
| [126346] Apache Tomcat Path privilege escalation
| [125922] Apache Impala up to 3.0.0 ALTER privilege escalation
| [125921] Apache Impala up to 3.0.0 Queue Injection privilege escalation
| [125647] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Install (Apache Tomcat) information disclosure
| [125617] Oracle Retail Returns Management 14.1 Apache Batik unknown vulnerability
| [125616] Oracle Retail Point-of-Service 13.4/14.0/14.1 Apache Batik unknown vulnerability
| [125614] Oracle Retail Central Office 14.1 Apache Batik unknown vulnerability
| [125613] Oracle Retail Back Office 13.3/13.4/14/14.1 Apache Batik unknown vulnerability
| [125599] Oracle Retail Open Commerce Platform 5.3.0/6.0.0/6.0.1 Apache Log4j unknown vulnerability
| [125569] Oracle PeopleSoft Enterprise PeopleTools 8.55/8.56 Apache HTTP Server information disclosure
| [125494] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat information disclosure
| [125447] Oracle Business Intelligence Enterprise Edition 11.1.1.7.0/11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Apache Batik unknown vulnerability
| [125428] Oracle Identity Management Suite 11.1.2.3.0/12.2.1.3.0 Apache Log4j unknown vulnerability
| [125427] Oracle Identity Analytics 11.1.1.5.8 Apache Log4j unknown vulnerability
| [125424] Oracle API Gateway 11.1.2.4.0 Apache Log4j unknown vulnerability
| [125423] Oracle BI Publisher 11.1.1.7.0/11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Apache Log4j unknown vulnerability
| [125383] Oracle up to 10.2.0 Apache Trinidad unknown vulnerability
| [125379] Oracle up to 10.1.x Apache Struts 1 cross site scripting
| [125377] Oracle up to 10.2.0 Apache Commons Collections unknown vulnerability
| [125376] Oracle Communications Application Session Controller up to 3.7.0 Apache Commons Collections unknown vulnerability
| [125375] Oracle Communications User Data Repository up to 12.1.x Apache Xerces memory corruption
| [125248] Apache ActiveMQ up to 5.15.5 Web-based Administration Console queue.jsp Parameter cross site scripting
| [125133] Apache Tika up to 1.19 XML Parser reset() denial of service
| [124877] Apache PDFbox up to 2.0.11 PDF File denial of service
| [124876] Apache Ranger up to 1.1.x UnixAuthenticationService Stack-based memory corruption
| [124791] Apache Tomcat up to 7.0.90/8.5.33/9.0.11 URL Open Redirect
| [124787] Apache Pony Mail 0.7/0.8/0.9 Statistics Generator Timestamp Data information disclosure
| [124447] Apache HTTP Server up to 2.4.34 SETTINGS Frame denial of service
| [124346] Apache Mesos pre-1.4.2/1.5.0/1.5.1/1.6.0 on Executor HTTP API String Comparison validation JSON Web Token information disclosure
| [124286] Apache Tika up to 1.18 IptcAnpaParser Loop denial of service
| [124242] Apache Tika up to 0.18 C:/evil.bat" Directory unknown vulnerability
| [124241] Apache Tika up to 0.18 XML Parser Entity Expansion denial of service
| [124191] Apache Karaf up to 3.0.8/4.0.8/4.1.0 WebConsole .../gogo/ weak authentication
| [124190] Apache Karaf up to 4.1.x sshd privilege escalation
| [124152] Apache Camel Mail up to 2.22.0 Path directory traversal
| [124143] Apache SpamAssassin up to 3.4.1 PDFInfo Plugin Code Execution
| [124134] Apache SpamAssassin up to 3.4.1 Scan Engine HTML::Parser Email denial of service
| [124095] PHP up to 5.6.37/7.0.31/7.1.21/7.2.9 Apache2 sapi_apache2.c php_handler cross site scripting
| [124024] Apache Mesos 1.4.x/1.5.0 libprocess JSON Payload denial of service
| [123814] Apache ActiveMQ Client up to 5.15.5 TLS Hostname Verification Man-in-the-Middle weak authentication
| [123393] Apache Traffic Server up to 6.2.2/7.1.3 ESI Plugin Config privilege escalation
| [123392] Apache Traffic Server 6.2.2 TLS Handshake Segmentation Fault denial of service
| [123391] Apache Traffic Server up to 6.2.2/7.1.3 Range Request Performance denial of service
| [123390] Apache Traffic Server up to 6.2.2/7.1.3 Request HTTP Smuggling privilege escalation
| [123369] Apache Traffic Server up to 6.2.2/7.1.3 ACL remap.config Request denial of service
| [123197] Apache Sentry up to 2.0.0 privilege escalation
| [123145] Apache Struts up to 2.3.34/2.5.16 Namespace Code Execution
| [123144] Apache Cayenne up to 4.1.M1 CayenneModeler XML File File Transfer privilege escalation
| [122981] Apache Commons Compress 1.7 ZipArchiveInputStream ZIP Archive denial of service
| [122889] Apache HTTP Server up to 2.2.31/2.4.23 mod_userdir HTTP Response Splitting privilege escalation
| [122800] Apache Spark 1.3.0 REST API weak authentication
| [122642] Apache Airflow up to 1.8.x 404 Page Reflected cross site scripting
| [122568] Apache Tomcat up to 8.5.31/9.0.9 Connection Reuse weak authentication
| [122567] Apache Axis 1.0./1.1/1.2/1.3/1.4 cross site scripting
| [122556] Apache Tomcat up to 7.0.86/8.0.51/8.5.30/9.0.7 UTF-8 Decoder Loop denial of service
| [122531] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.9 WebSocket Client unknown vulnerability
| [122456] Apache Camel up to 2.20.3/2.21.0 XSD Validator XML External Entity
| [122455] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Revoked Certificate weak authentication
| [122454] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Responder Revoked Certificate weak authentication
| [122214] Apache Kafka up to 0.9.0.1/0.10.2.1/0.11.0.2/1.0.0 Broker Request Data Loss denial of service
| [122202] Apache Kafka up to 0.10.2.1/0.11.0.1 SASL Impersonation spoofing
| [122101] Docker Skeleton Runtime for Apache OpenWhisk Docker Action dockerskeleton:1.3.0 privilege escalation
| [122100] PHP Runtime for Apache OpenWhisk Docker Action action-php-v7.2:1.0.0 privilege escalation
| [122012] Apache Ignite up to 2.5 Serialization privilege escalation
| [121911] Apache Ambari up to 2.5.x/2.6.2 Log Message Credentials information disclosure
| [121910] Apache HTTP Server 2.4.33 mod_md HTTP Requests denial of service
| [121854] Oracle Tape Library ACSLS up to ACSLS 8.4.0-2 Apache Commons Collections unknown vulnerability
| [121752] Oracle Insurance Policy Administration 10.0/10.1/10.2/11.0 Apache Log4j unknown vulnerability
| [121370] Apache Spark up to 2.1.2/2.2.1/2.3.0 URL cross site scripting
| [121354] Apache CouchDB HTTP API Code Execution
| [121144] Apache LDAP API up to 1.0.1 SSL Filter information disclosure
| [121143] Apache Storm up to 0.10.2/1.0.6/1.1.2/1.2.1 Cluster privilege escalation
| [120436] Apache CXF Fediz up to 1.4.3 Application Plugin unknown vulnerability
| [120310] Apache PDFbox up to 1.8.14/2.0.10 AFMParser Loop denial of service
| [120168] Apache CXF weak authentication
| [120080] Apache Cassandra up to 3.11.1 JMX/RMI Interface RMI Request privilege escalation
| [120043] Apache HBase up to 1.2.6.0/1.3.2.0/1.4.4/2.0.0 Thrift 1 API Server weak authentication
| [119723] Apache Qpid Broker-J 7.0.0/7.0.1/7.0.2/7.0.3/7.0.4 AMQP Messages Crash denial of service
| [122569] Apache HTTP Server up to 2.4.33 HTTP2 Request denial of service
| [119486] Apache Geode up to 1.4.0 Security Manager Code Execution
| [119306] Apache MXNet Network Interface privilege escalation
| [118999] Apache Storm up to 1.0.6/1.1.2/1.2.1 Archive directory traversal
| [118996] Apache Storm up to 1.0.6/1.1.2/1.2.1 Daemon spoofing
| [118644] Apple macOS up to 10.13.5 apache_mod_php unknown vulnerability
| [118200] Apache Batik up to 1.9 Deserialization unknown vulnerability
| [118143] Apache NiFi activemq-client Library Deserialization denial of service
| [118142] Apache NiFi 1.6.0 SplitXML xxe privilege escalation
| [118051] Apache Zookeeper up to 3.4.9/3.5.3-beta weak authentication
| [117997] Apache ORC up to 1.4.3 ORC File Recursion denial of service
| [117825] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.8 CORS Filter privilege escalation
| [117405] Apache Derby up to 10.14.1.0 Network Server Network Packet privilege escalation
| [117347] Apache Ambari up to 2.6.1 HTTP Request directory traversal
| [117265] LibreOffice/Apache Office Writer SMB Connection XML Document information disclosure
| [117143] Apache uimaj/uima-as/uimaFIT/uimaDUCC XML XXE information disclosure
| [117117] Apache Tika up to 1.17 ChmParser Loop denial of service
| [117116] Apache Tika up to 1.17 BPGParser Loop denial of service
| [117115] Apache Tika up to 1.17 tika-server command injection
| [116929] Apache Fineract getReportType Parameter privilege escalation
| [116928] Apache Fineract REST Endpoint Parameter privilege escalation
| [116927] Apache Fineract MakercheckersApiResource Parameter sql injection
| [116926] Apache Fineract REST Parameter privilege escalation
| [116574] Apache wicket-jquery-ui up to 6.29.0/7.10.1/8.0.0-M9.1 WYSIWYG Editor privilege escalation
| [116622] Oracle Enterprise Manager for MySQL Database 12.1.0.4 EM Plugin: General (Apache Tomcat) unknown vulnerability
| [115931] Apache Solr up to 6.6.2/7.2.1 XML Data Parameter XML External Entity
| [115883] Apache Hive up to 2.3.2 privilege escalation
| [115882] Apache Hive up to 2.3.2 xpath_short information disclosure
| [115881] Apache DriverHive JDBC Driver up to 2.3.2 Escape Argument Bypass privilege escalation
| [115518] Apache Ignite 2.3 Deserialization privilege escalation
| [115260] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache cross site scripting
| [115259] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache Cookie Stack-based memory corruption
| [115500] CA Workload Control Center up to r11.4 SP5 Apache MyFaces Component Code Execution
| [115121] Apache Struts REST Plugin up to 2.5.15 Xstream XML Data denial of service
| [115061] Apache HTTP Server up to 2.4.29 HTTP Digest Authentication Challenge HTTP Requests Replay privilege escalation
| [115060] Apache HTTP Server up to 2.4.29 mod_cache_socache Request Header Crash denial of service
| [115059] Apache HTTP Server up to 2.4.29 HTTP2 NULL Pointer Dereference denial of service
| [115058] Apache HTTP Server up to 2.4.29 HTTP Header Crash denial of service
| [115057] Apache HTTP Server up to 2.4.29 mod_session Variable Name Cache privilege escalation
| [115039] Apache HTTP Server up to 2.4.29 FilesMatch File Upload privilege escalation
| [115038] Apache HTTP Server up to 2.0.65/2.2.34/2.4.29 mod_authnz_ldap Crash denial of service
| [114817] Apache Syncope up to 1.2.10/2.0.7 Search Parameter information disclosure
| [114816] Apache Syncope up to 1.2.10/2.0.7 XSLT Code Execution
| [114717] Apache Commons 1.11/1.12/1.13/1.14/1.15 ZIP Archive ZipFile/ZipArchiveInputStream denial of service
| [114661] Apache Allura up to 1.8.0 HTTP Response Splitting privilege escalation
| [114400] Apache Tomcat JK ISAPI Connector up to 1.2.42 IIS/ISAPI privilege escalation
| [114258] Apache HTTP Server up to 2.4.22 mod_cluster Segmentation Fault denial of service
| [114086] Apache ODE 1.3.3 ODE Process Deployment Web Service directory traversal
| [113955] Apache Xerces-C up to 3.2.0 XML Parser NULL Pointer Dereference denial of service
| [113945] Apache Tomcat up to 7.0.84/8.0.49/8.5.27/9.0.4 URL Pattern Empty String privilege escalation
| [113944] Apache OpenMeetings up to 3.x/4.0.1 CRUD Operation denial of service
| [113905] Apache Traffic Server up to 5.2.x/5.3.2/6.2.0/7.0.0 TLS Handshake Core Dump denial of service
| [113904] Apache Traffic Server up to 6.2.0 Host Header privilege escalation
| [113895] Apache Geode up to 1.3.x Code Execution
| [113894] Apache Geode up to 1.3.x TcpServer Code Execution
| [113888] Apache James Hupa WebMail 0.0.2 cross site scripting
| [113813] Apache Geode Cluster up to 1.3.x Secure Mode privilege escalation
| [113747] Apache Tomcat Servlets privilege escalation
| [113647] Apache Qpid up to 0.30 qpidd Broker AMQP Message Crash denial of service
| [113645] Apache VCL up to 2.1/2.2.1/2.3.1 Web GUI/XMLRPC API privilege escalation
| [113560] Apache jUDDI Console 3.0.0 Log Entries spoofing
| [113571] Apache Oozie up to 4.3.0/5.0.0-beta1 XML Data XML File privilege escalation
| [113569] Apache Karaf up to 4.0.7 LDAPLoginModule LDAP injection denial of service
| [113273] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
| [113198] Apache Qpid Dispatch Router 0.7.0/0.8.0 AMQP denial of service
| [113186] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
| [113145] Apache Thrift up to 0.9.3 Go Client Library privilege escalation
| [113106] Apache jUDDI up to 3.3.3 XML Data WADL2Java/WSDL2Java XML Document privilege escalation
| [113105] Apache Qpid Broker-J 7.0.0 AMQP Crash denial of service
| [112885] Apache Allura up to 1.8.0 File information disclosure
| [112856] Apache CloudStack up to 4.8.1.0/4.9.0.0 API weak authentication
| [112855] Apache CloudStack 4.1.0/4.1.1 API information disclosure
| [112678] Apache Tomcat up to 7.0.82/8.0.47/8.5.23/9.0.1 Bug Fix 61201 privilege escalation
| [112677] Apache Tomcat Native Connector up to 1.1.34/1.2.14 OCSP Checker Client weak authentication
| [112625] Apache POI up to 3.16 Loop denial of service
| [112448] Apache NiFi up to 1.3.x Deserialization privilege escalation
| [112396] Apache Hadoop 2.7.3/2.7.4 YARN NodeManager Credentials information disclosure
| [112339] Apache NiFi 1.5.0 Header privilege escalation
| [112330] Apache NiFi 1.5.0 Header HTTP Request privilege escalation
| [112314] NetGain Enterprise Manager 7.2.730 Build 1034 org.apache.jsp.u.jsp.tools.exec_jsp Servlet Parameter privilege escalation
| [112253] Apache Hadoop up to 0.23.x/2.7.4/2.8.2 MapReduce Job History Server Configuration File privilege escalation
| [112171] Oracle Secure Global Desktop 5.3 Apache Log4j privilege escalation
| [112164] Oracle Agile PLM 9.3.5/9.3.6 Apache Tomcat unknown vulnerability
| [112161] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Tomcat privilege escalation
| [112158] Oracle Autovue for Agile Product Lifecycle Management 21.0.0/21.0.1 Apache Log4j privilege escalation
| [112156] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Log4j privilege escalation
| [112155] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Apache Log4j privilege escalation
| [112137] Oracle MICROS Relate CRM Software 10.8.x/11.4.x/15.0.x, Apache Tomcat unknown vulnerability
| [112136] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat privilege escalation
| [112133] Oracle Retail Workforce Management 1.60.7/1.64.0 Apache Log4j privilege escalation
| [112129] Oracle Retail Assortment Planning 14.1.3/15.0.3/16.0.1 Apache Log4j privilege escalation
| [112114] Oracle 9.1 Apache Log4j privilege escalation
| [112113] Oracle 9.1 Apache Log4j privilege escalation
| [112045] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat privilege escalation
| [112038] Oracle Health Sciences Empirica Inspections 1.0.1.1 Apache Tomcat information disclosure
| [112019] Oracle Endeca Information Discovery Integrator 3.1.0/3.2.0 Apache Tomcat privilege escalation
| [112017] Oracle WebCenter Portal 11.1.1.9.0/12.2.1.2.0/12.2.1.3.0 Apache Struts 1 cross site scripting
| [112011] Oracle Identity Manager 11.1.2.3.0 Apache Commons Collections privilege escalation
| [111950] Oracle Database 12.2.0.1 Apache Tomcat information disclosure
| [111703] Apache Sling XSS Protection API 1.0.4 URL Encoding cross site scripting
| [111556] Apache Geode up to 1.2.x Secure Mode Parameter OQL privilege escalation
| [111555] Apache Geode up to 1.2.x Secure Mode OQL privilege escalation
| [111540] Apache Geode up to 1.2.x Secure Mode information disclosure
| [111519] Apache Sling JCR ContentLoader 2.1.4 xmlreader directory traversal
| [111338] Apache DeltaSpike-JSF 1.8.0 cross site scripting
| [111330] Apache OFBiz 16.11.01/16.11.02/16.11.03 BIRT Plugin cross site scripting
| [110789] Apache Sling up to 1.4.0 Authentication Service Credentials information disclosure
| [110785] Apache Drill up to 1.11.0 Query Page unknown vulnerability
| [110701] Apache Fineract Query Parameter sql injection
| [110484] Apache Synapse up to 3.0.0 Apache Commons Collections Serialized Object Code Injection privilege escalation
| [110426] Adobe Experience Manager 6.0/6.1/6.2/6.3 Apache Sling Servlets Post cross site scripting
| [110141] Apache Struts up to 2.5.14 REST Plugin denial of service
| [110140] Apache Qpid Broker-J up to 0.32 privilege escalation
| [110139] Apache Qpid Broker-J up to 6.1.4 AMQP Frame denial of service
| [110106] Apache CXF Fediz Spring cross site request forgery
| [109766] Apache OpenOffice up to 4.1.3 DOC File Parser WW8Fonts memory corruption
| [109750] Apache OpenOffice up to 4.1.3 DOC File Parser ImportOldFormatStyles memory corruption
| [109749] Apache OpenOffice up to 4.1.3 PPT File Parser PPTStyleSheet memory corruption
| [109606] October CMS Build 412 Apache Configuration File Upload privilege escalation
| [109419] Apache Camel up to 2.19.3/2.20.0 camel-castor Java Object Deserialization privilege escalation
| [109418] Apache Camel up to 2.19.3/2.20.0 camel-hessian Java Object Deserialization privilege escalation
| [109400] Apache CouchDB up to 1.6.x/2.1.0 Database Server Shell privilege escalation
| [109399] Apache CouchDB up to 1.6.x/2.1.0 JSON Parser Shell privilege escalation
| [109398] Apache CXF 3.1.14/3.2.1 JAX-WS/JAX-RS Attachment denial of service
| [108872] Apache Hive up to 2.1.1/2.2.0/2.3.0 Policy Enforcement privilege escalation
| [108939] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108938] Apple macOS up to 10.13.1 apache denial of service
| [108937] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108936] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108935] Apple macOS up to 10.13.1 apache denial of service
| [108934] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108933] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108932] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108931] Apple macOS up to 10.13.1 apache denial of service
| [108930] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108929] Apple macOS up to 10.13.1 apache denial of service
| [108928] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108797] Apache Struts up to 2.3.19 TextParseUtiltranslateVariables OGNL Expression privilege escalation
| [108795] Apache Traffic Server up to 5.3.0 HTTP2 set_dynamic_table_size memory corruption
| [108794] Apache WSS4J up to 1.6.16/2.0.1 Incomplete Fix Leak information disclosure
| [108793] Apache Qpid up to 0.30 qpidd Crash denial of service
| [108792] Apache Traffic Server up to 5.1.0 Access Restriction privilege escalation
| [108791] Apache Wicket up to 1.5.11/6.16.x/7.0.0-M2 Session information disclosure
| [108790] Apache Storm 0.9.0.1 Log Viewer directory traversal
| [108789] Apache Cordova In-App-Browser Standalone Plugin up to 0.3.1 on iOS CDVInAppBrowser privilege escalation
| [108788] Apache Cordova File-Transfer Standalone Plugin up to 0.4.1 on iOS ios/CDVFileTransfer.m spoofing
| [108787] Apache HttpClient up to 4.3.0 HttpClientBuilder.java unknown vulnerability
| [108786] Apache Wicket up to 1.4.21/1.5.9/6.3.x script Tag cross site scripting
| [108783] Apache Hadoop up to 0.23.3/1.0.3/2.0.1 Kerberos Security Feature Key weak encryption
| [108782] Apache Xerces2 XML Service denial of service
| [108781] Apache jUDDI up to 1.x happyjuddi.jsp Parameter cross site scripting
| [108780] Apache jUDDI up to 1.x Log File uddiget.jsp spoofing
| [108709] Apache Cordova Android up to 3.7.1/4.0.1 intent URL privilege escalation
| [108708] Apache ActiveMQ up to 5.10.0 XML Data XML External Entity
| [108707] Apache ActiveMQ up to 1.7.0 XML Data XML External Entity
| [108629] Apache OFBiz up to 10.04.01 privilege escalation
| [108543] Apache Derby 10.1.2.1/10.2.2.0/10.3.1.4/10.4.1.3 Export File privilege escalation
| [108312] Apache HTTP Server on RHEL IP Address Filter privilege escalation
| [108297] Apache NiFi up to 0.7.1/1.1.1 Proxy Chain Username Deserialization privilege escalation
| [108296] Apache NiFi up to 0.7.1/1.1.1 Cluster Request privilege escalation
| [108250] Oracle Secure Global Desktop 5.3 Apache HTTP Server memory corruption
| [108245] Oracle Transportation Management up to 6.3.7 Apache Tomcat unknown vulnerability
| [108244] Oracle Transportation Management 6.4.1/6.4.2 Apache Commons FileUpload denial of service
| [108243] Oracle Agile Engineering Data Management 6.1.3/6.2.0 Apache Commons Collections memory corruption
| [108222] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Batik denial of service
| [108219] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat unknown vulnerability
| [108217] Oracle Retail Store Inventory Management 13.2.9/14.0.4/14.1.3/15.0.1/16.0.1 Apache Groovy unknown vulnerability
| [108216] Oracle Retail Convenience and Fuel POS Software 2.1.132 Apache Groovy unknown vulnerability
| [108169] Oracle MySQL Enterprise Monitor up to 3.2.8.2223/3.3.4.3247/3.4.2.4181 Apache Tomcat unknown vulnerability
| [108113] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Batik denial of service
| [108107] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat unknown vulnerability
| [108102] Oracle Healthcare Master Person Index 4.x Apache Groovy unknown vulnerability
| [108085] Oracle Identity Manager 11.1.2.3.0 Apache Struts 1 memory corruption
| [108083] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
| [108080] Oracle GlassFish Server 3.1.2 Apache Commons FileUpload denial of service
| [108066] Oracle Management Pack for GoldenGate 11.2.1.0.12 Apache Tomcat memory corruption
| [108062] Oracle BI Publisher 11.1.1.7.0/12.2.1.1.0/12.2.1.2.0 Apache ActiveMQ memory corruption
| [108060] Oracle Enterprise Manager Ops Center 12.2.2/12.3.2 Apache Groovy unknown vulnerability
| [108033] Oracle Primavera Unifier 9.13/9.14/10.x/15.x/16.x, Apache Groovy unknown vulnerability
| [108013] Oracle Communications WebRTC Session Controller 7.0/7.1/7.2 Apache Groovy unknown vulnerability
| [108011] Oracle Communications Services Gatekeeper 5.1/6.0 Apache Trinidad unknown vulnerability
| [107904] Apache Struts up to 2.3.28 Double OGNL Evaluation privilege escalation
| [107860] Apache Solr up to 7.0 Apache Lucene RunExecutableListener XML External Entity
| [107834] Apache Ranger up to 0.6.1 Change Password privilege escalation
| [107639] Apache NiFi 1.4.0 XML External Entity
8267| [107639] Apache NiFi 1.4.0 XML External Entity
8268| [107606] Apache ZooKeper up to 3.4.9/3.5.2 Command CPU Exhaustion denial of service
8269| [107597] Apache Roller up to 5.0.2 XML-RPC Protocol Support XML External Entity
8270| [107429] Apache Impala up to 2.9.x Kudu Table privilege escalation
8271| [107411] Apache Tomcat up to 7.0.81/8.0.46/8.5.22/9.0.0 JSP File File Upload privilege escalation
8272| [107385] Apache Geode up to 1.2.0 Secure Mode privilege escalation
8273| [107339] Apache OpenNLP up to 1.5.3/1.6.0/1.7.2/1.8.1 XML Data XML External Entity
8274| [107333] Apache Wicket up to 8.0.0-M1 CSRF Prevention HTTP Header privilege escalation
8275| [107323] Apache Wicket 1.5.10/6.13.0 Class Request information disclosure
8276| [107310] Apache Geode up to 1.2.0 Command Line Utility Query privilege escalation
8277| [107276] ArcSight ESM/ArcSight ESM Express up to 6.9.1c Patch 3/6.11.0 Apache Tomcat Version information disclosure
8278| [107266] Apache Tika up to 1.12 XML Parser XML External Entity
8279| [107262] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
8280| [107258] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
8281| [107197] Apache Xerces Jelly Parser XML File XML External Entity
8282| [107193] ZTE NR8950 Apache Commons Collections RMI Request Deserialization privilege escalation
8283| [107084] Apache Struts up to 2.3.19 cross site scripting
8284| [106877] Apache Struts up to 2.0.33/2.5.10 Freemarker Tag privilege escalation
8285| [106875] Apache Struts up to 2.5.5 URL Validator denial of service
8286| [106874] Apache Struts up to 2.3.30 Convention Plugin directory traversal
8287| [106847] Apache Tomcat up to 7.0.80 VirtualDirContext Source information disclosure
8288| [106846] Apache Tomcat up to 7.0.79 on Windows HTTP PUT Method Parameter File Upload privilege escalation
8289| [106777] Apache HTTP Server up to 2.2.34/2.4.27 Limit Directive ap_limit_section HTTP Request information disclosure
8290| [106739] puppetlabs-apache up to 1.11.0/2.0.x weak authentication
8291| [106720] Apache Wicket up to 1.5.12/6.18.x/7.0.0-M4 CryptoMapper privilege escalation
8292| [106586] Apache Brooklyn up to 0.9.x REST Server cross site scripting
8293| [106562] Apache Spark up to 2.1.1 Launcher API Deserialization privilege escalation
8294| [106559] Apache Brooklyn up to 0.9.x SnakeYAML YAML Data Java privilege escalation
8295| [106558] Apache Brooklyn up to 0.9.x REST Server cross site request forgery
8296| [106556] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
8297| [106555] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
8298| [106171] Apache Directory LDAP API up to 1.0.0-M30 Timing unknown vulnerability
8299| [106167] Apache Struts up to 2.5.12 REST Plugin XML Data privilege escalation
8300| [106166] Apache Struts up to 2.3.33/2.5.12 REST Plugin denial of service
8301| [106165] Apache Struts up to 2.3.33/2.5.12 URLValidator Regex CPU Exhaustion denial of service
8302| [106115] Apache Hadoop up to 2.6.4/2.7.2 YARN NodeManager Password information disclosure
8303| [106012] Apache Solr up to 5.5.3/6.4.0 Replication directory traversal
8304| [105980] Apache Engine 16.11.01 Parameter Reflected unknown vulnerability
8305| [105962] Apache Atlas 0.6.0/0.7.0 Frame cross site scripting
8306| [105961] Apache Atlas 0.6.0/0.7.0 Stack Trace information disclosure
8307| [105960] Apache Atlas 0.6.0/0.7.0 Search Reflected cross site scripting
8308| [105959] Apache Atlas 0.6.0/0.7.0 edit Tag DOM cross site scripting
8309| [105958] Apache Atlas 0.6.0/0.7.0 edit Tag Stored cross site scripting
8310| [105957] Apache Atlas 0.6.0/0.7.0 Cookie privilege escalation
8311| [105905] Apache Atlas 0.6.0/0.7.0/0.7.1 /js privilege escalation
8312| [105878] Apache Struts up to 2.3.24.0 privilege escalation
8313| [105682] Apache2Triad 1.5.4 phpsftpd/users.php Parameter cross site scripting
8314| [105681] Apache2Triad 1.5.4 phpsftpd/users.php Request cross site request forgery
8315| [105680] Apache2Triad 1.5.4 Parameter Session Fixation weak authentication
8316| [105643] Apache Pony Mail up to 0.8b weak authentication
8317| [105288] Apache Sling up to 2.3.21 Sling.evalString() String cross site scripting
8318| [105219] Apache Tomcat up to 8.5.15/9.0.0.M21 HTTP2 Bypass directory traversal
8319| [105218] Apache Tomcat up to 7.0.78/8.0.44/8.5.15/9.0.0.M21 CORS Filter Cache Poisoning privilege escalation
8320| [105215] Apache CXF up to 3.0.12/3.1.9 OAuth2 Hawk/JOSE MAC Validation Timing unknown vulnerability
8321| [105206] Apache CXF up to 3.0.11/3.1.8 JAX-RS Module XML External Entity
8322| [105205] Apache CXF up to 3.0.11/3.1.8 HTTP Transport Module Parameter cross site scripting
8323| [105202] Apache Storm 1.0.0/1.0.1/1.0.2/1.0.3/1.1.0 Worker privilege escalation
8324| [104987] Apache Xerces-C++ XML Service CPU Exhaustion denial of service
8325| [104986] Apache CXF 2.4.5/2.5.1 WS-SP UsernameToken Policy SOAP Request weak authentication
8326| [104985] Apache MyFaces Core up to 2.1.4 EL Expression Parameter Injection information disclosure
8327| [104983] Apache Wink up to 1.1.1 XML Document xxe privilege escalation
8328| [104981] Apache Commons Email 1.0/1.1/1.2/1.3/1.4 Subject Linebreak SMTP privilege escalation
8329| [104591] MEDHOST Document Management System Apache Solr Default Credentials weak authentication
8330| [104062] Oracle MySQL Enterprise Monitor up to 3.3.3.1199 Apache Tomcat unknown vulnerability
8331| [104061] Oracle MySQL Enterprise Monitor up to 3.2.7.1204/3.3.3.1199 Apache Tomcat unknown vulnerability
8332| [104060] Oracle MySQL Enterprise Monitor up to 3.1.5.7958/3.2.5.1141/3.3.2.1162 Apache Struts 2 unknown vulnerability
8333| [103995] Oracle 8.3/8.4/15.1/15.2 Apache Trinidad unknown vulnerability
8334| [103993] Oracle Policy Automation up to 12.2.3 Apache Commons FileUplaod denial of service
8335| [103916] Oracle Banking Platform 2.3/2.4/2.4.1/2.5 Apache Commons FileUpload denial of service
8336| [103906] Oracle Communications BRM 11.2.0.0.0 Apache Commons Collections privilege escalation
8337| [103904] Oracle Communications BRM 11.2.0.0.0/11.3.0.0.0 Apache Groovy memory corruption
8338| [103866] Oracle Transportation Management 6.1/6.2 Apache Webserver unknown vulnerability
8339| [103816] Oracle BI Publisher 11.1.1.9.0/12.2.1.1.0/12.2.1.2.0 Apache Commons Fileupload denial of service
8340| [103797] Oracle Tuxedo System and Applications Monitor Apache Commons Collections privilege escalation
8341| [103792] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Commons Fileupload privilege escalation
8342| [103791] Oracle Endeca Server 7.6.0.0/7.6.1.0 Apache Commons Collections privilege escalation
8343| [103788] Oracle Enterprise Repository 11.1.1.7.0/12.1.3.0.0 Apache ActiveMQ memory corruption
8344| [103787] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Groovy memory corruption
8345| [103763] Apache Sling up to 1.0.11 XSS Protection API XSS.getValidXML() Application XML External Entity
8346| [103762] Apache Sling up to 1.0.12 XSS Protection API XSSAPI.encodeForJSString() Script Tag cross site scripting
8347| [103693] Apache OpenMeetings 1.0.0 HTTP Method privilege escalation
8348| [103692] Apache OpenMeetings 1.0.0 Tomcat Error information disclosure
8349| [103691] Apache OpenMeetings 3.2.0 Parameter privilege escalation
8350| [103690] Apache OpenMeetings 1.0.0 sql injection
8351| [103689] Apache OpenMeetings 1.0.0 crossdomain.xml privilege escalation
8352| [103688] Apache OpenMeetings 1.0.0 weak encryption
8353| [103687] Apache OpenMeetings 1.0.0 cross site request forgery
8354| [103556] Apache Roller 5.1.0/5.1.1 Weblog Page Template VTL privilege escalation
8355| [103554] Apache OpenMeetings 1.0.0 Password Update unknown vulnerability
8356| [103553] Apache OpenMeetings 1.0.0 File Upload privilege escalation
8357| [103552] Apache OpenMeetings 3.2.0 Chat cross site scripting
8358| [103551] Apache OpenMeetings 3.1.0 XML unknown vulnerability
8359| [103521] Apache HTTP Server 2.4.26 HTTP2 Free memory corruption
8360| [103520] Apache HTTP Server up to 2.2.33/2.4.26 mod_auth_digest Authorization Header memory corruption
8361| [103519] Apache Struts up to 2.5.11/2.3.32 Spring AOP denial of service
8362| [103518] Apache Struts up to 2.5.11 URLValidator directory traversal
8363| [103492] Apache Spark up to 2.1.x Web UI Reflected cross site scripting
8364| [103401] Apache Struts 2.3.x Struts 1 Plugin ActionMessage privilege escalation
8365| [103399] Apache Traffic Control Traffic Router TCP Connection Slowloris denial of service
8366| [103387] Apache Impala up to 2.8.0 StatestoreSubscriber weak encryption
8367| [103386] Apache Impala up to 2.7.x/2.8.0 Kerberos weak authentication
8368| [103352] Apache Solr Node weak authentication
8369| [102897] Apache Ignite up to 2.0 Update Notifier information disclosure
8370| [102878] Code42 CrashPlan 5.4.x RMI Server org.apache.commons.ssl.rmi.DateRMI privilege escalation
8371| [102698] Apache HTTP Server up to 2.2.32/2.4.25 mod_mime Content-Type memory corruption
8372| [102697] Apache HTTP Server 2.2.24/2.2.32 HTTP Strict Parsing ap_find_token Request Header memory corruption
8373| [102690] Apache HTTP Server up to 2.2.32/2.4.25 mod_ssl ap_hook_process_connection() denial of service
8374| [102689] Apache HTTP Server up to 2.2.32/2.4.25 ap_get_basic_auth_pw weak authentication
8375| [102622] Apache Thrift up to 0.9.2 Client Libraries skip denial of service
8376| [102538] Apache Ranger up to 0.7.0 Authorizer unknown vulnerability
8377| [102537] Apache Ranger up to 0.7.0 Wildcard Character unknown vulnerability
8378| [102536] Apache Ranger up to 0.6 Stored cross site scripting
8379| [102535] Apache Ranger up to 0.6.2 Policy Engine unknown vulnerability
8380| [102255] Apache NiFi up to 0.7.3/1.2.x Response Header privilege escalation
8381| [102254] Apache NiFi up to 0.7.3/1.2.x UI cross site scripting
8382| [102070] Apache CXF Fediz up to 1.1.2/1.2.0 Application Plugin denial of service
8383| [102020] Apache Tomcat up to 9.0.0.M1 Java Servlet HTTP Method unknown vulnerability
8384| [101858] Apache Hive up to 1.2.1/2.0.0 Client weak authentication
8385| [101802] Apache KNOX up to 0.11.0 WebHDFS privilege escalation
8386| [101928] HPE Aruba ClearPass Apache Tomcat information disclosure
8387| [101524] Apache Archiva up to 1.x/2.2.1 REST Endpoint cross site request forgery
8388| [101513] Apache jUDDI 3.1./3.1.2/3.1.3/3.1.4 Logout Open Redirect
8389| [101430] Apache CXF Fediz up to 1.3.1 OIDC Service cross site request forgery
8390| [101429] Apache CXF Fediz up to 1.2.3/1.3.1 Plugins cross site request forgery
8391| [100619] Apache Hadoop up to 2.6.x HDFS Servlet unknown vulnerability
8392| [100618] Apache Hadoop up to 2.7.0 HDFS Web UI cross site scripting
8393| [100621] Adobe ColdFusion 10/11/2016 Apache BlazeDS Library Deserialization privilege escalation
8394| [100205] Oracle MySQL Enterprise Monitor up to 3.1.6.8003/3.2.1182/3.3.2.1162 Apache Commons FileUpload denial of service
8395| [100191] Oracle Secure Global Desktop 4.71/5.2/5.3 Web Server (Apache HTTP Server) information disclosure
8396| [100162] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Commons Collections privilege escalation
8397| [100160] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Trinidad unknown vulnerability
8398| [99969] Oracle WebCenter Sites 11.1.1.8.0 Apache Tomcat memory corruption
8399| [99937] Apache Batik up to 1.8 privilege escalation
8400| [99936] Apache FOP up to 2.1 privilege escalation
8401| [99935] Apache CXF up to 3.0.12/3.1.10 STSClient Cache information disclosure
8402| [99934] Apache CXF up to 3.0.12/3.1.10 JAX-RS XML Security Streaming Client spoofing
8403| [99930] Apache Traffic Server up to 6.2.0 denial of service
8404| [99929] Apache Log4j up to 2.8.1 Socket Server Deserialization privilege escalation
8405| [99925] Apache Traffic Server 6.0.0/6.1.0/6.2.0 HPACK Bomb denial of service
8406| [99738] Ping Identity OpenID Connect Authentication Module up to 2.13 on Apache Mod_auth_openidc.c spoofing
8407| [117569] Apache Hadoop up to 2.7.3 privilege escalation
8408| [99591] Apache TomEE up to 1.7.3/7.0.0-M2 EjbObjectInputStream Serialized Object privilege escalation
8409| [99370] Apache Ignite up to 1.8 update-notifier Document XML External Entity
8410| [99299] Apache Geode up to 1.1.0 Pulse OQL Query privilege escalation
8411| [99572] Apache Tomcat up to 7.0.75/8.0.41/8.5.11/9.0.0.M17 Application Listener privilege escalation
8412| [99570] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP Connector Cache information disclosure
8413| [99569] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP/2 GOAWAY Frame Resource Exhaustion denial of service
8414| [99568] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 Pipelined Request information disclosure
8415| [99048] Apache Ambari up to 2.3.x REST API Shell Metacharacter privilege escalation
8416| [99014] Apache Camel Jackson/JacksonXML privilege escalation
8417| [98610] Apple macOS up to 10.12.3 apache_mod_php memory corruption
8418| [98609] Apple macOS up to 10.12.3 apache_mod_php denial of service
8419| [98608] Apple macOS up to 10.12.3 apache_mod_php memory corruption
8420| [98607] Apple macOS up to 10.12.3 apache_mod_php denial of service
8421| [98606] Apple macOS up to 10.12.3 apache_mod_php denial of service
8422| [98605] Apple macOS up to 10.12.3 Apache denial of service
8423| [98604] Apple macOS up to 10.12.3 Apache denial of service
8424| [98603] Apple macOS up to 10.12.3 Apache denial of service
8425| [98602] Apple macOS up to 10.12.3 Apache denial of service
8426| [98601] Apple macOS up to 10.12.3 Apache denial of service
8427| [98517] Apache POI up to 3.14 OOXML File XXE denial of service
8428| [98405] Apache Hadoop up to 0.23.10 privilege escalation
8429| [98199] Apache Camel Validation XML External Entity
8430| [97892] Apache Tomcat up to 9.0.0.M15 Reverse-Proxy Http11InputBuffer.java information disclosure
8431| [97617] Apache Camel camel-snakeyaml Deserialization privilege escalation
8432| [97602] Apache Camel camel-jackson/camel-jacksonxml CamelJacksonUnmarshalType privilege escalation
8433| [97732] Apache Struts up to 2.3.31/2.5.10 Jakarta Multipart Parser Content-Type privilege escalation
8434| [97466] mod_auth_openidc up to 2.1.5 on Apache weak authentication
8435| [97455] mod_auth_openidc up to 2.1.4 on Apache weak authentication
8436| [97081] Apache Tomcat HTTPS Request denial of service
8437| [97162] EMC OpenText Documentum D2 BeanShell/Apache Commons privilege escalation
8438| [96949] Hanwha Techwin Smart Security Manager up to 1.5 Redis/Apache Felix Gogo privilege escalation
8439| [96314] Apache Cordova up to 6.1.1 on Android weak authentication
8440| [95945] Apple macOS up to 10.12.2 apache_mod_php denial of service
8441| [95944] Apple macOS up to 10.12.2 apache_mod_php denial of service
8442| [95943] Apple macOS up to 10.12.2 apache_mod_php memory corruption
8443| [95666] Oracle FLEXCUBE Direct Banking 12.0.0/12.0.1/12.0.2/12.0.3 Apache Commons Collections privilege escalation
8444| [95455] Apache NiFi up to 1.0.0/1.1.0 Connection Details Dialogue cross site scripting
8445| [95311] Apache Storm UI Daemon privilege escalation
8446| [95291] ZoneMinder 1.30.0 Apache httpd privilege escalation
8447| [94800] Apache Wicket up to 1.5.16/6.24.x Deserialize DiskFileItem denial of service
8448| [94705] Apache Qpid Broker for Java up to 6.1.0 SCRAM-SHA-1/SCRAM-SHA-256 User information disclosure
8449| [94627] Apache HTTP Server up to 2.4.24 mod_auth_digest Crash denial of service
8450| [94626] Apache HTTP Server up to 2.4.24 mod_session_crypto Padding weak encryption
8451| [94625] Apache HTTP Server up to 2.4.24 Response Split privilege escalation
8452| [94540] Apache Tika 1.9 tika-server File information disclosure
8453| [94600] Apache ActiveMQ up to 5.14.1 Administration Console cross site scripting
8454| [94348] Apple macOS up to 10.12.1 apache_mod_php denial of service
8455| [94347] Apple macOS up to 10.12.1 apache_mod_php denial of service
8456| [94346] Apple macOS up to 10.12.1 apache_mod_php denial of service
8457| [94345] Apple macOS up to 10.12.1 apache_mod_php denial of service
8458| [94344] Apple macOS up to 10.12.1 apache_mod_php denial of service
8459| [94343] Apple macOS up to 10.12.1 apache_mod_php memory corruption
8460| [94342] Apple macOS up to 10.12.1 apache_mod_php memory corruption
8461| [94128] Apache Tomcat up to 9.0.0.M13 Error information disclosure
8462| [93958] Apache HTTP Server up to 2.4.23 mod_http2 h2_stream.c denial of service
8463| [93874] Apache Subversion up to 1.8.16/1.9.4 mod_dontdothat XXE denial of service
8464| [93855] Apache Hadoop up to 2.6.4/2.7.2 HDFS Service privilege escalation
8465| [93609] Apache OpenMeetings 3.1.0 RMI Registry privilege escalation
8466| [93555] Apache Tika 1.6-1.13 jmatio MATLAB File privilege escalation
8467| [93799] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
8468| [93798] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
8469| [93797] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 HTTP Split privilege escalation
8470| [93796] Apache Tomcat up to 8.5.6/9.0.0.M11 HTTP/2 Header Parser denial of service
8471| [93532] Apache Commons Collections Library Java privilege escalation
8472| [93210] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 ResourceLinkFactory privilege escalation
8473| [93209] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Realm Authentication User information disclosure
8474| [93208] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 System Property Replacement information disclosure
8475| [93207] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Utility Method privilege escalation
8476| [93206] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Configuration privilege escalation
8477| [93098] Apache Commons FileUpload privilege escalation
8478| [92987] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Commons Collection memory corruption
8479| [92986] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Tomcat memory corruption
8480| [92982] Oracle Insurance IStream 4.3.2 Apache Commons Collections memory corruption
8481| [92981] Oracle Financial Services Lending and Leasing 14.1.0/14.2.0 Apache Commons Collections memory corruption
8482| [92979] Oracle up to 8.0.3 Apache Commons Collections memory corruption
8483| [92977] Oracle FLEXCUBE Universal Banking up to 12.2.0 Apache Commons Collections memory corruption
8484| [92976] Oracle FLEXCUBE Universal Banking 12.87.1/12.87.2 Apache Commons Collections memory corruption
8485| [92975] Oracle FLEXCUBE Private Banking up to 12.1.0 Apache Commons Collections memory corruption
8486| [92974] Oracle FLEXCUBE Investor Servicing 12.0.1 Apache Commons Collections memory corruption
8487| [92973] Oracle 12.0.0/12.1.0 Apache Commons Collections memory corruption
8488| [92972] Oracle FLEXCUBE Core Banking 11.5.0.0.0/11.6.0.0.0 Apache Commons Collections memory corruption
8489| [92962] Oracle Agile PLM 9.3.4/9.3.5 Apache Commons Collections memory corruption
8490| [92909] Oracle Agile PLM 9.3.4/9.3.5 Apache Tomcat unknown vulnerability
8491| [92786] Oracle Banking Digital Experience 15.1 Apache Commons Collections information disclosure
8492| [92549] Apache Tomcat on Red Hat privilege escalation
8493| [92509] Apache Tomcat JK ISAPI Connector up to 1.2.41 jk_uri_worker_map.c memory corruption
8494| [92314] Apache MyFaces Trinidad up to 1.0.13/1.2.15/2.0.1/2.1.1 CoreResponseStateManager memory corruption
8495| [92313] Apache Struts2 up to 2.3.28/2.5.0 Action Name Cleanup cross site request forgery
8496| [92299] Apache Derby up to 10.12.1.0 SqlXmlUtil XML External Entity
8497| [92217] Apache ActiveMQ Artemis up to 1.3.x Broker/REST GetObject privilege escalation
8498| [92174] Apache Ranger up to 0.6.0 Policy cross site scripting
8499| [91831] Apache Jackrabbit up to 2.13.2 HTTP Header cross site request forgery
8500| [91825] Apache Zookeeper up to 3.4.8/3.5.2 C CLI Shell memory corruption
8501| [91818] Apache CXF Fediz up to 1.2.2/1.3.0 Application Plugin privilege escalation
8502| [92056] Apple macOS up to 10.11 apache_mod_php memory corruption
8503| [92055] Apple macOS up to 10.11 apache_mod_php memory corruption
8504| [92054] Apple macOS up to 10.11 apache_mod_php denial of service
8505| [92053] Apple macOS up to 10.11 apache_mod_php denial of service
8506| [92052] Apple macOS up to 10.11 apache_mod_php denial of service
8507| [92051] Apple macOS up to 10.11 apache_mod_php memory corruption
8508| [92050] Apple macOS up to 10.11 apache_mod_php denial of service
8509| [92049] Apple macOS up to 10.11 apache_mod_php memory corruption
8510| [92048] Apple macOS up to 10.11 apache_mod_php denial of service
8511| [92047] Apple macOS up to 10.11 apache_mod_php memory corruption
8512| [92046] Apple macOS up to 10.11 apache_mod_php memory corruption
8513| [92045] Apple macOS up to 10.11 apache_mod_php memory corruption
8514| [92044] Apple macOS up to 10.11 apache_mod_php memory corruption
8515| [92043] Apple macOS up to 10.11 apache_mod_php denial of service
8516| [92042] Apple macOS up to 10.11 apache_mod_php memory corruption
8517| [92041] Apple macOS up to 10.11 apache_mod_php memory corruption
8518| [92040] Apple macOS up to 10.11 Apache Proxy privilege escalation
8519| [91785] Apache Shiro up to 1.3.1 Servlet Filter privilege escalation
8520| [90879] Apache OpenMeetings up to 3.1.1 SWF Panel cross site scripting
8521| [90878] Apache Sentry up to 1.6.x Blacklist Filter reflect/reflect2/java_method privilege escalation
8522| [90610] Apache POI up to 3.13 XLSX2CSV Example OpenXML Document XML External Entity
8523| [90584] Apache ActiveMQ up to 5.11.3/5.12.2/5.13/1 Administration Web Console privilege escalation
8524| [90385] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site scripting
8525| [90384] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site request forgery
8526| [90383] Apache OpenOffice up to 4.1.2 Impress File memory corruption
8527| [89670] Apache Tomcat up to 8.5.4 CGI Servlet Environment Variable Open Redirect
8528| [89669] Apache HTTP Server up to 2.4.23 RFC 3875 Namespace Conflict Environment Variable Open Redirect
8529| [89726] Apple Mac OS X up to 10.11.5 apache_mod_php memory corruption
8530| [89484] Apache Qpid up to 0.13.0 on Windows Proton Library Certificate weak authentication
8531| [89473] HPE iMC PLAT/EAD/APM/iMC NTA/iMC BIMS/iMC UAM_TAM up to 7.2 Apache Commons Collections Library Command privilege escalation
8532| [90263] Apache Archiva Header denial of service
8533| [90262] Apache Archiva Deserialize privilege escalation
8534| [90261] Apache Archiva XML DTD Connection privilege escalation
8535| [88827] Apache Xerces-C++ up to 3.1.3 DTD Stack-Based memory corruption
8536| [88747] Apache HTTP Server 2.4.17/2.4.18 mod_http2 denial of service
8537| [88608] Apache Struts up to 2.3.28.1/2.5.0 URLValidator Null Value denial of service
8538| [88607] Apache Struts up to 2.3.28.1 REST Plugin Expression privilege escalation
8539| [88606] Apache Struts up to 2.3.28.1 Restriction privilege escalation
8540| [88605] Apache Struts up to 2.3.28.1 Restriction privilege escalation
8541| [88604] Apache Struts up to 2.3.28.1 Token Validator cross site request forgery
8542| [88603] Apache Commons FileUpload up to 1.3.1 MultipartStream denial of service
8543| [88602] Apache Struts up to 1.3.10 ActionServlet.java cross site scripting
8544| [88601] Apache Struts up to 1.3.10 Multithreading ActionServlet.java memory corruption
8545| [88600] Apache Struts up to 1.3.10 MultiPageValidator privilege escalation
8546| [89005] Apache Qpid AMQP JMS Client getObject privilege escalation
8547| [87888] Apache Ranger up to 0.5.2 Policy Admin Tool eventTime sql injection
8548| [87835] Apache CloudStack up to 4.5.2.0/4.6.2.0/4.7.1.0/4.8.0.0 SAML-based Authentication privilege escalation
8549| [87806] HPE Discovery and Dependency Mapping Inventory up to 9.32 update 3 Apache Commons Collections Library privilege escalation
8550| [87805] HPE Universal CMDB up to 10.21 Apache Commons Collections Library privilege escalation
8551| [87768] Apache Shiro up to 1.2.4 Cipher Key privilege escalation
8552| [87765] Apache James Server 2.3.2 Command privilege escalation
8553| [88667] Apache HTTP Server up to 2.4.20 mod_http2 Certificate weak authentication
8554| [87718] Apache Struts up to 2.3.24.1 OGNL Caching denial of service
8555| [87717] Apache Struts up to 2.3.28 REST Plugin privilege escalation
8556| [87706] Apache Qpid Java up to 6.0.2 AMQP privilege escalation
8557| [87703] Apache Qbid Java up to 6.0.2 PlainSaslServer.java denial of service
8558| [87702] Apache ActiveMQ up to 5.13.x Fileserver Web Application Upload privilege escalation
8559| [87700] Apache PDFbox up to 1.8.11/2.0.0 XML Parser PDF Document XML External Entity
8560| [87679] HP Release Control 9.13/9.20/9.21 Apache Commons Collections Library Java Object privilege escalation
8561| [87540] Apache Ambari up to 2.2.0 File Browser View information disclosure
8562| [87433] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
8563| [87432] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
8564| [87431] Apple Mac OS X up to 10.11.4 apache_mod_php Format String
8565| [87430] Apple Mac OS X up to 10.11.4 apache_mod_php denial of service
8566| [87429] Apple Mac OS X up to 10.11.4 apache_mod_php information disclosure
8567| [87428] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
8568| [87427] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
8569| [87389] Apache Xerces C++ up to 3.1.3 XML Document DTDScanner.cpp memory corruption
8570| [87172] Adobe ColdFusion 11 Update 7/2016/up to 10 Update 18 Apache Commons Collections Library privilege escalation
8571| [87121] Apache Cordova iOS up to 3.x Plugin privilege escalation
8572| [87120] Apache Cordova iOS up to 3.x URL Whitelist privilege escalation
8573| [83806] HPE Network Node Manager i up to 10.01 Apache Commons Collections Library privilege escalation
8574| [83077] Apache Subversion up to 1.8.15/1.9.3 mod_authz_svn mod_authz_svn.c denial of service
8575| [83076] Apache Subversion up to 1.8.15/1.9.3 svnserve svnserve/cyrus_auth.c privilege escalation
8576| [82790] Apache Struts 2.0.0/2.3.24/2.3.28 Dynamic Method privilege escalation
8577| [82789] Apache Struts 2.0.0/2.3.24/2.3.28 XSLTResult privilege escalation
8578| [82725] HPE P9000 Command View up to 7.x/8.4.0 Apache Commons Collections Library privilege escalation
8579| [82444] Apache Camel up to 2.14.x/2.15.4/2.16.0 HTTP Request privilege escalation
8580| [82389] Apache Subversion up to 1.7.x/1.8.14/1.9.2 mod_dav_svn util.c memory corruption
8581| [82280] Apache Struts up to 1.7 JRE URLDecoder cross site scripting
8582| [82260] Apache OFBiz up to 12.04.05/13.07.02 Java Object privilege escalation
8583| [82259] Apache Qpid Proton up to 0.12.0 proton.reactor.Connector weak encryption
8584| [82250] Apache Ranger up to 0.5.0 Admin UI weak authentication
8585| [82214] Apache Wicket up to 1.5.14/6.21.x/7.1.x Input Element cross site scripting
8586| [82213] Apache Wicket up to 1.5.14/6.21.x/7.1.x ModalWindow Title getWindowOpenJavaScript cross site scripting
8587| [82212] Apache Ranger up to 0.5.0 Policy Admin Tool privilege escalation
8588| [82211] Apache OFBiz up to 12.04.06/13.07.02 ModelFormField.java DisplayEntityField.getDescription cross site scripting
8589| [82082] Apache JetSpeed up to 2.3.0 User Manager Service privilege escalation
8590| [82081] Apache OpenMeetings up to 3.1.0 SOAP API information disclosure
8591| [82080] Apache OpenMeetings up to 3.1.0 Event cross site scripting
8592| [82078] Apache OpenMeetings up to 3.1.0 Import/Export System Backup ZIP Archive directory traversal
| [82077] Apache OpenMeetings up to 3.1.0 Password Reset sendHashByUser privilege escalation
| [82076] Apache Ranger up to 0.5.1 privilege escalation
| [82075] Apache JetSpeed up to 2.3.0 Portal cross site scripting
| [82074] Apache JetSpeed up to 2.3.0 cross site scripting
| [82073] Apache JetSpeed up to 2.3.0 User Manager Service sql injection
| [82072] Apache JetSpeed up to 2.3.0 Portal Site Manager ZIP Archive directory traversal
| [82058] Apache LDAP Studio/Directory Studio up to 2.0.0-M9 CSV Export privilege escalation
| [82053] Apache Ranger up to 0.4.x Policy Admin Tool privilege escalation
| [82052] Apache Ranger up to 0.4.x Policy Admin Tool HTTP Request cross site scripting
| [81696] Apache ActiveMQ up to 5.13.1 HTTP Header privilege escalation
| [81695] Apache Xerces-C up to 3.1.2 internal/XMLReader.cpp memory corruption
| [81622] HPE Asset Manager 9.40/9.41/9.50 Apache Commons Collections Library Java Object privilege escalation
| [81406] HPE Service Manager up to 9.35 P3/9.41 P1 Apache Commons Collections Library Command privilege escalation
| [81405] HPE Operations Orchestration up to 10.50 Apache Commons Collections Library Command privilege escalation
| [81427] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
| [81426] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
| [81372] Apache Struts up to 2.3.24.1 I18NInterceptor cross site scripting
| [81371] Apache Struts up to 2.3.24.1 Double OGNL Evaluation privilege escalation
| [81370] Apache Struts up to 2.3.24.1 Java URLDecoder cross site scripting
| [81084] Apache Tomcat 6.0/7.0/8.0/9.0 ServletContext directory traversal
| [81083] Apache Tomcat 7.0/8.0/9.0 Index Page cross site request forgery
| [81082] Apache Tomcat 7.0/8.0/9.0 ResourceLinkFactory.setGlobalContext privilege escalation
| [81081] Apache Tomcat 6.0/7.0/8.0/9.0 Error information disclosure
| [81080] Apache Tomcat 6.0/7.0/8.0/9.0 Session Persistence privilege escalation
| [81079] Apache Tomcat 6.0/7.0/8.0/9.0 StatusManagerServlet information disclosure
| [81078] Apache Tomcat 7.0/8.0/9.0 Session privilege escalation
| [80970] Apache Solr up to 5.3.0 Admin UI plugins.js cross site scripting
| [80969] Apache Solr up to 5.2 Schema schema-browser.js cross site scripting
| [80968] Apache Solr up to 5.0 analysis.js cross site scripting
| [80940] HP Continuous Delivery Automation 1.30 Apache Commons Collections Library privilege escalation
| [80823] Apache CloudStack up to 4.5.1 KVM Virtual Machine Migration privilege escalation
| [80822] Apache CloudStack up to 4.5.1 API Call information disclosure
| [80778] Apache Camel up to 2.15.4/2.16.0 camel-xstream privilege escalation
| [80750] HPE Operations Manager 8.x/9.0 on Windows Apache Commons Collections Library privilege escalation
| [80724] Apache Hive up to 1.2.1 Authorization Framework privilege escalation
| [80577] Oracle Secure Global Desktop 4.63/4.71/5.2 Apache HTTP Server denial of service
| [80165] Intel McAfee ePolicy Orchestrator up to 4.6.9/5.0.3/5.3.1 Apache Commons Collections Library privilege escalation
| [80116] Apache Subversion up to 1.9.2 svn Protocol libsvn_ra_svn/marshal.c read_string memory corruption
| [80115] Apache ActiveMQ up to 5.12.x Broker Service privilege escalation
| [80036] IBM Cognos Business Intelligence Apache Commons Collections Library InvokerTransformer privilege escalation
| [79873] VMware vCenter Operations/vRealize Orchestrator Apache Commons Collections Library Serialized Java Object privilege escalation
| [79840] Apache Cordova File Transfer Plugin up to 1.2.x on Android unknown vulnerability
| [79839] Apache TomEE Serialized Java Stream EjbObjectInputStream privilege escalation
| [79791] Cisco Products Apache Commons Collections Library privilege escalation
| [79539] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
| [79538] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
| [79294] Apache Cordova-Android up to 3.6 BridgeSecret Random Generator weak encryption
| [79291] Apache Cordova-Android up to 4.0 Javascript Whitelist privilege escalation
| [79244] Apache CXF up to 2.7.17/3.0.7/3.1.2 SAML Web SSO Module SAML Response weak authentication
| [79243] Oracle WebLogic Server 10.3.6.0/12.1.2.0/12.1.3.0/12.2.1.0 WLS Security com.bea.core.apache.commons.collections.jar privilege escalation
| [78989] Apache Ambari up to 2.1.1 Open Redirect
| [78988] Apache Ambari up to 2.0.1/2.1.0 Password privilege escalation
| [78987] Apache Ambari up to 2.0.x cross site scripting
| [78986] Apache Ambari up to 2.0.x Proxy Endpoint api/v1/proxy privilege escalation
| [78780] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
| [78779] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
| [78778] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78777] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78776] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78775] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78774] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78297] Apache Commons Components HttpClient up to 4.3.5 HTTPS Timeout denial of service
| [77406] Apache Flex BlazeDS AMF Message XML External Entity
| [77429] Apache ActiveMQ up to 5.10.0 LDAPLoginModule privilege escalation
| [77399] Apache ActiveMQ up to 5.10.0 LDAPLoginModule weak authentication
| [77375] Apache Tapestry up to 5.3.5 Client-Side Object Storage privilege escalation
| [77331] Apache ActiveMQ up to 5.11.1 on Windows Fileserver Upload/Download directory traversal
| [77299] Apache Solr Real-Time Module up to 7.x-1.1 Index Content information disclosure
| [77247] Apache ActiveMQ up to 5.10 TransportConnection.java processControlCommand denial of service
| [77083] Apache Groovy up to 2.4.3 MethodClosure.java MethodClosure memory corruption
| [76953] Apache Subversion 1.7.0/1.8.0/1.8.10 svn_repos_trace_node_locations information disclosure
| [76952] Apache Subversion 1.7.0/1.8.0/1.8.10 mod_authz_svn anonymous/authenticated information disclosure
| [76567] Apache Struts 2.3.20 unknown vulnerability
| [76733] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 ap_some_auth_required unknown vulnerability
| [76732] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 Request apr_brigade_flatten privilege escalation
| [76731] Apache HTTP Server 2.4.12 ErrorDocument 400 Crash denial of service
| [75690] Apache Camel up to 2.13.3/2.14.1 XPathBuilder.java XML External Entity
| [75689] Apache Camel up to 2.13.3/2.14.1 XML Converter Setup XmlConverter.java SAXSource privilege escalation
| [75668] Apache Sling API/Sling Servlets Post up to 2.2.1 HtmlResponse cross site scripting
| [75601] Apache Jackrabbit up to 2.10.0 WebDAV Request XML External Entity
| [75420] Apache Tomcat up to 6.0.43/7.0.58/8.0.16 Security Manager privilege escalation
| [75145] Apache OpenOffice up to 4.1.1 HWP Filter Crash denial of service
| [75032] Apache Tomcat Connectors up to 1.2.40 mod_jk privilege escalation
| [75135] PHP 5.4/5.5 HTTP Request sapi_apache2.c apache2handler privilege escalation
| [74793] Apache Tomcat File Upload denial of service
| [74708] Apple MacOS X up to 10.10.2 Apache denial of service
| [74707] Apple MacOS X up to 10.10.2 Apache denial of service
| [74706] Apple MacOS X up to 10.10.2 Apache memory corruption
| [74705] Apple MacOS X up to 10.10.2 Apache denial of service
| [74704] Apple MacOS X up to 10.10.2 Apache denial of service
| [74703] Apple MacOS X up to 10.10.2 Apache denial of service
| [74702] Apple MacOS X up to 10.10.2 Apache denial of service
| [74701] Apple MacOS X up to 10.10.2 Apache cross site request forgery
| [74700] Apple MacOS X up to 10.10.2 Apache unknown vulnerability
| [74661] Apache Flex up to 4.14.0 asdoc index.html cross site scripting
| [74609] Apache Cassandra up to 1.2.19/2.0.13/2.1.3 JMX/RMI Interface privilege escalation
| [74469] Apache Xerces-C up to 7.0 internal/XMLReader.cpp denial of service
| [74468] Apache Batik up to 1.6 denial of service
| [74414] Apache Mod-gnutls up to 0.5.1 Authentication spoofing
| [74371] Apache Standard Taglibs up to 1.2.0 memory corruption
| [74367] Apache HTTP Server up to 2.4.12 mod_lua lua_request.c wsupgrade denial of service
| [74174] Apache WSS4J up to 2.0.0 privilege escalation
| [74172] Apache ActiveMQ up to 5.5.0 Administration Console cross site scripting
| [69092] Apache Tomcat up to 6.0.42/7.0.54/8.0.8 HTTP Request Smuggling privilege escalation
| [73831] Apache Qpid up to 0.30 Access Restriction unknown vulnerability
| [73731] Apache XML Security unknown vulnerability
| [68660] Oracle BI Publisher 10.1.3.4.2/11.1.1.7 Apache Tomcat cross site scripting
| [73659] Apache CloudStack up to 4.3.0 Stack-Based unknown vulnerability
| [73593] Apache Traffic Server up to 5.1.0 denial of service
| [73511] Apache POI up to 3.10 Deadlock denial of service
| [73510] Apache Solr up to 4.3.0 cross site scripting
| [68447] Apache Subversion up to 1.7.18/1.8.10 mod_dav_svn Crash denial of service
| [68446] Apache Subversion up to 1.7.18/1.8.10 REPORT Request Crash denial of service
| [73173] Apache CloudStack Stack-Based unknown vulnerability
| [68357] Apache Struts up to 2.3.16.3 Random Number Generator cross site request forgery
| [73106] Apache Hadoop up to 2.4.0 Symlink privilege escalation
| [68575] Apache HTTP Server up to 2.4.10 LuaAuthzProvider mod_lua.c privilege escalation
| [72890] Apache Qpid 0.30 unknown vulnerability
| [72887] Apache Hive 0.13.0 File Permission privilege escalation
| [72878] Apache Cordova 3.5.0 cross site request forgery
| [72877] Apache Cordova 3.5.0 cross site request forgery
| [72876] Apache Cordova 3.5.0 cross site request forgery
| [68435] Apache HTTP Server 2.4.10 mod_proxy_fcgi.c handle_headers denial of service
| [68065] Apache CXF up to 3.0.1 JAX-RS SAML denial of service
| [68064] Apache CXF up to 3.0.0 SAML Token denial of service
| [67913] Oracle Retail Markdown Optimization 12.0/13.0/13.1/13.2/13.4 Apache commons-beanutils-1.8.0.jar memory corruption
| [67912] Oracle Retail Invoice Matching up to 14.0 Apache commons-beanutils-1.8.0.jar memory corruption
| [67911] Oracle Retail Clearance Optimization Engine 13.3/13.4/14.0 Apache commons-beanutils-1.8.0.jar memory corruption
| [67910] Oracle Retail Allocation up to 13.2 Apache commons-beanutils-1.8.0.jar memory corruption
| [71835] Apache Shiro 1.0.0/1.1.0/1.2.0/1.2.1/1.2.2 unknown vulnerability
| [71633] Apachefriends XAMPP 1.8.1 cross site scripting
| [71629] Apache Axis2/C spoofing
| [67633] Apple Mac OS X up to 10.9.4 apache_mod_php ext/standard/dns.c dns_get_record memory corruption
| [67631] Apple Mac OS X up to 10.9.4 apache_mod_php Symlink memory corruption
| [67630] Apple Mac OS X up to 10.9.4 apache_mod_php cdf_read_property_info denial of service
| [67629] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_count_chain denial of service
| [67628] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_check_stream_offset denial of service
| [67627] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c mconvert memory corruption
| [67626] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c denial of service
| [67625] Apple Mac OS X up to 10.9.4 apache_mod_php Crash denial of service
| [67624] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_property_info denial of service
| [67623] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_unpack_summary_info denial of service
| [67622] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_short_sector denial of service
| [67620] Apple Mac OS X up to 10.9.4 apache_mod_php magic/Magdir/commands denial of service
| [67790] Apache HTTP Server mod_cache NULL Pointer Dereference denial of service
| [67522] Apache Tomcat up to 7.0.39 JSP Upload privilege escalation
| [70809] Apache POI up to 3.11 Crash denial of service
| [70808] Apache POI up to 3.10 unknown vulnerability
| [70806] Apache Commons-httpclient 4.2/4.2.1/4.2.2 spoofing
| [70749] Apache Axis up to 1.4 getCN spoofing
| [70701] Apache Traffic Server up to 3.3.5 denial of service
| [70700] Apache OFBiz up to 12.04.03 cross site scripting
| [67402] Apache OpenOffice 4.0.0/4.0.1/4.1.0 Calc privilege escalation
| [67401] Apache OpenOffice up to 4.1.0 OLE Object information disclosure
| [70661] Apache Subversion up to 1.6.17 denial of service
| [70660] Apache Subversion up to 1.6.17 spoofing
| [70659] Apache Subversion up to 1.6.17 spoofing
| [67183] Apache HTTP Server up to 2.4.9 mod_proxy denial of service
| [67180] Apache HTTP Server up to 2.4.9 WinNT MPM Memory Leak denial of service
| [67185] Apache HTTP Server up to 2.4.9 mod_status Heap-Based memory corruption
| [67184] Apache HTTP Server 2.4.5/2.4.6 mod_cache NULL Pointer Dereference denial of service
| [67182] Apache HTTP Server up to 2.4.9 mod_deflate Memory Consumption denial of service
| [67181] Apache HTTP Server up to 2.4.9 mod_cgid denial of service
| [70338] Apache Syncope up to 1.1.7 unknown vulnerability
| [70295] Apache CXF up to 2.7.9 Cleartext information disclosure
| [70106] Apache Open For Business Project up to 10.04.0 getServerError cross site scripting
| [70105] Apache MyFaces up to 2.1.5 JavaServer Faces directory traversal
| [69846] Apache HBase up to 0.94.8 information disclosure
| [69783] Apache CouchDB up to 1.2.0 memory corruption
| [13383] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 XML Parser privilege escalation
| [13300] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi setuid privilege escalation
| [13299] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi Content-Type Header information disclosure
| [13164] Apache CXF up to 2.6.13/2.7.10 SOAP OutgoingChainInterceptor.java Invalid Content denial of service
| [13163] Apache CXF up to 2.6.13/2.7.10 SOAP HTML Content denial of service
| [13158] Apache Struts up to 2.3.16.2 ParametersInterceptor getClass privilege escalation
| [69515] Apache Struts up to 2.3.15.0 CookieInterceptor memory corruption
| [13086] Apache Struts up to 1.3.10 Class Loader privilege escalation
| [13067] Apache Struts up to 2.3.16.1 Class Loader privilege escalation
| [69431] Apache Archiva up to 1.3.6 cross site scripting
| [69385] Apache Syncope up to 1.1.6 unknown vulnerability
| [69338] Apache Xalan-Java up to 2.7.1 system-property unknown vulnerability
| [12742] Trustwave ModSecurity up to 2.7.5 Chunk Extension apache2/modsecurity.c modsecurity_tx_init privilege escalation
| [12741] Trustwave ModSecurity up to 2.7.6 Chunked HTTP Transfer apache2/modsecurity.c modsecurity_tx_init Trailing Header privilege escalation
| [13387] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Content-Length Header privilege escalation
| [13386] Apache Tomcat Security Manager up to 6.0.39/7.0.53/8.0.5 XSLT privilege escalation
| [13385] Apache Tomcat 8.0.0/8.0.1/8.0.3 AJP Request Zero Length denial of service
| [13384] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Chunked HTTP Request denial of service
| [12748] Apache CouchDB 1.5.0 UUIDS /_uuids denial of service
| [66739] Apache Camel up to 2.12.2 unknown vulnerability
| [66738] Apache Camel up to 2.12.2 unknown vulnerability
| [12667] Apache HTTP Server 2.4.7 mod_log_config.c log_cookie denial of service
| [66695] Apache CouchDB up to 1.2.0 cross site scripting
| [66694] Apache CouchDB up to 1.2.0 Partition partition2 directory traversal
| [66689] Apache HTTP Server up to 2.0.33 mod_dav dav_xml_get_cdata denial of service
| [12518] Apache Tomcat up to 6.0.38/7.0.49/8.0.0-RC9 HTTP Header denial of service
| [66498] Apache expressions up to 3.3.0 Whitelist unknown vulnerability
| [12781] Apache Struts up to 2.3.8 ParametersInterceptor getClass denial of service
| [12439] Apache Tomcat 6.0.33 XML XXE information disclosure
| [12438] Apache Tomcat 6.0.33/6.0.34/6.0.35/6.0.36/6.0.37 coyoteadapter.java disableURLRewriting privilege escalation
| [66356] Apache Wicket up to 6.8.0 information disclosure
| [12209] Apache Tomcat 7.0.0/7.0.50/8.0.0-RC1/8.0.1 Content-Type Header for Multi-Part Request Infinite Loop denial of service
| [66322] Apache ActiveMQ up to 5.8.0 cross site scripting
| [12291] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
| [66255] Apache Open For Business Project up to 10.04.3 cross site scripting
| [66200] Apache Hadoop up to 2.0.5 Security Feature information disclosure
| [66072] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
| [66068] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
| [11928] Oracle Secure Global Desktop up to 4.71 Apache Tomcat unknown vulnerability
| [11924] Oracle Secure Global Desktop up to 4.63 Apache Tomcat denial of service
| [11922] Oracle Secure Global Desktop up to 4.63 Apache Tomcat unknown vulnerability
| [66049] Apache XML Security for Java up to 1.4.6 Memory Consumption denial of service
| [12199] Apache Subversion up to 1.8.5 mod_dav_svn/repos.c get_resource denial of service
| [65946] askapache Firefox Adsense up to 3.0 askapache-firefox-adsense.php cross site request forgery
| [65668] Apache Solr 4.0.0 Updater denial of service
| [65665] Apache Solr up to 4.3.0 denial of service
| [65664] Apache Solr 3.6.0/3.6.1/3.6.2/4.0.0 Updater denial of service
| [65663] Apache Solr up to 4.5.1 ResourceLoader directory traversal
| [65658] Apache roller 4.0/4.0.1/5.0/5.0.1 unknown vulnerability
| [65657] Apache Roller 4.0/4.0.1/5.0/5.0.1 cross site scripting
| [11325] Apache Subversion 1.7.13 mod_dontdothat Bypass denial of service
| [11324] Apache Subversion up to 1.8.4 mod_dav_svn denial of service
| [11098] Apache Tomcat 5.5.25 HTTP Request cross site request forgery
| [65410] Apache Struts 2.3.15.3 cross site scripting
| [65386] Apache Solr up to 2.2.1 on TYPO3 cross site scripting
| [65385] Apache Solr up to 2.2.1 on TYPO3 unknown vulnerability
| [11044] Apache Struts 2.3.15.3 showConfig.action cross site scripting
| [11043] Apache Struts 2.3.15.3 actionNames.action cross site scripting
| [11018] cPanel WHM up to 11.40.0.11 Apache mod_userdir Tweak Interface privilege escalation
| [65342] Apache Sling 1.0.2/1.0.4/1.0.6/1.1.0/1.1.2 Auth Core cross site scripting
| [65340] Apache Shindig 2.5.0 information disclosure
| [65316] Apache Mod Fcgid up to 2.3.7 mod_fcgid fcgid_bucket.c fcgid_header_bucket_read memory corruption
| [65313] Apache Sling 2.2.0/2.3.0 AbstractCreateOperation.java deepGetOrCreateNode denial of service
| [10826] Apache Struts 2 File privilege escalation
| [65204] Apache Camel up to 2.10.1 unknown vulnerability
| [10460] Apache Struts 2.0.0/2.3.15.1 Action Mapping Mechanism Bypass privilege escalation
| [10459] Apache Struts 2.0.0/2.3.15 Dynamic Method Invocation unknown vulnerability
| [10160] Apache Subversion 1.8.0/1.8.1/1.8.2 svnwcsub.py handle_options race condition
| [10159] Apache Subversion up to 1.8.2 svnserve write_pid_file race condition
| [10158] Apache Subversion 1.8.0/1.8.1/1.8.2 daemonize.py daemon::daemonize race condition
| [10157] Apache Subversion up to 1.8.1 FSFS Repository Symlink privilege escalation
| [64808] Fail2ban up to 0.8.9 apache-auth.conf denial of service
| [64760] Best Practical RT up to 4.0.12 Apache::Session::File information disclosure
| [64722] Apache XML Security for C++ Heap-based memory corruption
| [64719] Apache XML Security for C++ Heap-based memory corruption
| [64718] Apache XML Security for C++ verify denial of service
| [64717] Apache XML Security for C++ getURIBaseTXFM memory corruption
| [64716] Apache XML Security for C++ spoofing
| [64701] Apache CXF up to 2.7.3 XML Parser Memory Consumption denial of service
| [64700] Apache CloudStack up to 4.1.0 Stack-Based cross site scripting
| [64667] Apache Open For Business Project up to 10.04.04 unknown vulnerability
| [64666] Apache Open For Business Project up to 10.04.04 cross site scripting
| [9891] Apache HTTP Server 2.2.22 suEXEC Feature .htaccess information disclosure
| [64509] Apache ActiveMQ up to 5.8.0 scheduled.jsp cross site scripting
| [9826] Apache Subversion up to 1.8.0 mod_dav_svn denial of service
| [9683] Apache HTTP Server 2.4.5 mod_session_dbd denial of service
| [64485] Apache Struts up to 2.2.3.0 privilege escalation
| [9568] Apache Struts up to 2.3.15 DefaultActionMapper cross site request forgery
| [9567] Apache Struts up to 2.3.15 DefaultActionMapper memory corruption
| [64467] Apache Geronimo 3.0 memory corruption
| [64466] Apache OpenJPA up to 2.2.1 Serialization memory corruption
| [64457] Apache Struts up to 2.2.3.0 cross site scripting
| [64326] Alejandro Garza Apachesolr Autocomplete up to 7.x-1.1 cross site scripting
| [9184] Apache Qpid up to 0.20 SSL misconfiguration
| [8935] Apache Subversion up to 1.7.9 FSFS Format Repository denial of service
| [8934] Apache Subversion up to 1.7.9 Svnserve Server denial of service
| [8933] Apache Subversion up to 1.6.21 check-mime-type.pl svnlook memory corruption
| [8932] Apache Subversion up to 1.6.21 svn-keyword-check.pl svnlook changed memory corruption
| [9022] Apache Struts up to 2.3.14.2 OGNL Expression memory corruption
| [8873] Apache Struts 2.3.14 privilege escalation
| [8872] Apache Struts 2.3.14 privilege escalation
| [8746] Apache HTTP Server Log File Terminal Escape Sequence Filtering mod_rewrite.c do_rewritelog privilege escalation
| [8666] Apache Tomcat up to 7.0.32 AsyncListener information disclosure
| [8665] Apache Tomcat up to 7.0.29 Chunked Transfer Encoding Extension Size denial of service
| [8664] Apache Tomcat up to 7.0.32 FORM Authentication weak authentication
| [64075] Apache Subversion up to 1.7.7 mod_dav_svn Crash denial of service
| [64074] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
| [64073] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
| [64072] Apache Subversion up to 1.7.7 mod_dav_svn NULL Pointer Dereference denial of service
| [64071] Apache Subversion up to 1.7.8 mod_dav_svn Memory Consumption denial of service
| [8768] Apache Struts up to 2.3.14 on Mac EL and OGNL Interpreter memory corruption
| [64006] Apache ActiveMQ up to 5.7.0 denial of service
| [64005] Apache ActiveMQ up to 5.7.0 Default Configuration denial of service
| [64004] Apache ActiveMQ up to 5.7.0 PortfolioPublishServlet.java cross site scripting
| [8427] Apache Tomcat Session Transaction weak authentication
| [63960] Apache Maven 3.0.4 Default Configuration spoofing
| [63751] Apache qpid up to 0.20 qpid::framing::Buffer denial of service
| [63750] Apache qpid up to 0.20 checkAvailable denial of service
| [63749] Apache Qpid up to 0.20 Memory Consumption denial of service
| [63748] Apache Qpid up to 0.20 Default Configuration denial of service
| [63747] Apache Rave up to 0.20 User Account information disclosure
| [7889] Apache Subversion up to 1.6.17 mod_dav_svn/svn_fs_file_length() denial of service
| [63646] Apache HTTP Server up to 2.2.23/2.4.3 mod_proxy_balancer.c balancer_handler cross site scripting
| [7688] Apache CXF up to 2.7.1 WSS4JInterceptor Bypass weak authentication
| [7687] Apache CXF up to 2.7.2 Token weak authentication
| [63334] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
| [63299] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
| [7202] Apache HTTP Server 2.4.2 on Oracle Solaris ld_library_path cross site scripting
| [7075] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector NioEndpoint.java denial of service
| [7074] Apache Tomcat up to 6.0.35/7.0.29 FORM Authentication RealmBase.java weak authentication
| [7073] Apache Tomcat up to 6.0.35/7.0.31 CSRF Prevention Filter cross site request forgery
| [63090] Apache Tomcat up to 4.1.24 denial of service
| [63089] Apache HTTP Server up to 2.2.13 mod_proxy_ajp denial of service
| [62933] Apache Tomcat up to 5.5.0 Access Restriction unknown vulnerability
| [62929] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector Memory Consumption denial of service
| [62833] Apache CXF -/2.6.0 spoofing
| [62832] Apache Axis2 up to 1.6.2 spoofing
| [62831] Apache Axis up to 1.4 Java Message Service spoofing
| [62830] Apache Commons-httpclient 3.0 Payments spoofing
| [62826] Apache Libcloud up to 0.11.0 spoofing
| [62757] Apache Open For Business Project up to 10.04.0 unknown vulnerability
| [8830] Red Hat JBoss Enterprise Application Platform 6.0.1 org.apache.catalina.connector.Response.encodeURL information disclosure
| [62661] Apache Axis2 unknown vulnerability
| [62658] Apache Axis2 unknown vulnerability
| [62467] Apache Qpid up to 0.17 denial of service
| [62417] Apache CXF 2.4.7/2.4.8/2.5.3/2.5.4/2.6.1 spoofing
| [6301] Apache HTTP Server mod_pagespeed cross site scripting
| [6300] Apache HTTP Server mod_pagespeed Hostname information disclosure
| [6123] Apache Wicket up to 1.5.7 Ajax Link cross site scripting
| [62035] Apache Struts up to 2.3.4 denial of service
| [61916] Apache QPID 0.5/0.6/0.14/0.16 unknown vulnerability
| [6998] Apache Tomcat 5.5.35/6.0.35/7.0.28 DIGEST Authentication Session State Caching privilege escalation
| [6997] Apache Tomcat 5.5.35/6.0.35/7.0.28 HTTP Digest Authentication Implementation privilege escalation
| [6092] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_ajp.c information disclosure
| [6090] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_http.c information disclosure
| [61507] Apache POI up to 3.8 UnhandledDataStructure denial of service
| [6070] Apache Struts up to 2.3.4 Token Name Configuration Parameter privilege escalation
| [6069] Apache Struts up to 2.3.4 Request Parameter OGNL Expression denial of service
| [5764] Oracle Solaris 10 Apache HTTP Server information disclosure
| [5700] Oracle Secure Backup 10.3.0.3/10.4.0.1 Apache denial of service
| [61255] Apache Hadoop 2.0.0 Kerberos unknown vulnerability
| [61229] Apache Sling up to 2.1.1 denial of service
| [61152] Apache Commons-compress 1.0/1.1/1.2/1.3/1.4 denial of service
| [61094] Apache Roller up to 5.0 cross site scripting
| [61093] Apache Roller up to 5.0 cross site request forgery
| [61005] Apache OpenOffice 3.3/3.4 unknown vulnerability
| [9673] Apache HTTP Server up to 2.4.4 mod_dav mod_dav.c Request denial of service
| [5436] Apache OpenOffice 3.3/3.4 WPXContentListener.cpp _closeTableRow File memory corruption
| [5435] Apache OpenOffice 3.3/3.4 vclmi.dll File memory corruption
| [60730] PHP 5.4.0/5.4.1/5.4.2 apache_request_headers memory corruption
| [60708] Apache Qpid 0.12 unknown vulnerability
| [5032] Apache Hadoop up to 0.20.205.0/1.0.1/0.23.1 Kerberos/MapReduce Security Feature privilege escalation
| [4949] Apache Struts File Upload XSLTResult.java XSLT File privilege escalation
| [4955] Apache Traffic Server 3.0.3/3.1.2 HTTP Header Parser memory corruption
| [4882] Apache Wicket up to 1.5.4 directory traversal
| [4881] Apache Wicket up to 1.4.19 cross site scripting
| [4884] Apache HTTP Server up to 2.3.6 mod_fcgid fcgid_spawn_ctl.c FcgidMaxProcessesPerClass HTTP Requests denial of service
| [60352] Apache Struts up to 2.2.3 memory corruption
| [60153] Apache Portable Runtime up to 1.4.3 denial of service
| [4598] Apache Struts 1.3.10 upload-submit.do cross site scripting
| [4597] Apache Struts 1.3.10 processSimple.do cross site scripting
| [4596] Apache Struts 2.0.14/2.2.3 struts2-rest-showcase/orders cross site scripting
| [4595] Apache Struts 2.0.14/2.2.3 struts2-showcase/person/editPerson.action cross site scripting
| [4583] Apache HTTP Server up to 2.2.21 Threaded MPM denial of service
| [4582] Apache HTTP Server up to 2.2.21 protocol.c information disclosure
| [4571] Apache Struts up to 2.3.1.2 privilege escalation
| [4557] Apache Tomcat up to 7.0.21 Caching/Recycling information disclosure
| [59934] Apache Tomcat up to 6.0.9 DigestAuthenticator.java unknown vulnerability
| [59933] Apache Tomcat up to 6.0.9 Access Restriction unknown vulnerability
| [59932] Apache Tomcat up to 6.0.9 unknown vulnerability
| [59931] Apache Tomcat up to 6.0.9 Access Restriction information disclosure
| [59902] Apache Struts up to 2.2.3 Interfaces unknown vulnerability
| [4528] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
| [4527] Apache Struts up to 2.2.3 ExceptionDelegator cross site scripting
| [59888] Apache Tomcat up to 6.0.6 denial of service
| [59886] Apache ActiveMQ up to 5.5.1 Crash denial of service
| [4513] Apache Struts up to 2.3.1 ParameterInterceptor directory traversal
| [4512] Apache Struts up to 2.2.3 CookieInterceptor privilege escalation
| [59850] Apache Geronimo up to 2.2.1 denial of service
| [59825] Apache HTTP Server up to 2.1.7 mod_reqtimeout denial of service
| [59556] Apache HTTP Server up to 2.0.53 mod_proxy information disclosure
| [58467] Apache libcloud 0.2.0/0.3.0/0.3.1/0.4.0 Access Restriction spoofing
| [58413] Apache Tomcat up to 6.0.10 spoofing
| [58381] Apache Wicket up to 1.4.17 cross site scripting
| [58296] Apache Tomcat up to 7.0.19 unknown vulnerability
| [57888] Apache HttpClient 4.0/4.0.1/4.1 Authorization information disclosure
| [57587] Apache Subversion up to 1.6.16 mod_dav_svn information disclosure
| [57585] Apache Subversion up to 1.6.16 mod_dav_svn Memory Consumption denial of service
| [57584] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
| [57577] Apache Rampart-C 1.3.0 Access Restriction rampart_timestamp_token_validate privilege escalation
| [57568] Apache Archiva up to 1.3.4 cross site scripting
| [57567] Apache Archiva up to 1.3.4 cross site request forgery
| [57481] Apache Tomcat 7.0.12/7.0.13 Access Restriction unknown vulnerability
| [4355] Apache HTTP Server APR apr_fnmatch denial of service
| [57435] Apache Struts up to 2.2.1.1 FileHandler.java cross site scripting
| [57425] Apache Struts up to 2.2.1.1 cross site scripting
| [4352] Apache HTTP Server 2.2.x APR apr_fnmatch denial of service
| [57025] Apache Tomcat up to 7.0.11 information disclosure
| [57024] Apache Tomcat 7.0.11 Access Restriction information disclosure
| [56774] IBM WebSphere Application Server up to 7.0.0.14 org.apache.jasper.runtime.JspWriterImpl.response denial of service
| [56824] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
| [56832] Apache Tomcat up to 7.0.10 Access Restriction information disclosure
| [56830] Apache Tomcat up to 7.0.9 Access Restriction privilege escalation
| [12440] Apache Tomcat 6.0.33 Malicious Request cross site scripting
| [56512] Apache Continuum up to 1.4.0 cross site scripting
| [4285] Apache Tomcat 5.x JVM getLocale denial of service
| [4284] Apache Tomcat 5.x HTML Manager Infinite Loop cross site scripting
| [4283] Apache Tomcat 5.x ServletContect privilege escalation
| [56441] Apache Tomcat up to 7.0.6 denial of service
| [56300] Apache CouchDB up to 1.0.1 Web Administration Interface cross site scripting
| [55967] Apache Subversion up to 1.6.4 rev_hunt.c denial of service
| [55966] Apache Subversion up to 1.6.4 mod_dav_svn repos.c walk denial of service
| [55095] Apache Axis2 up to 1.6 Default Password memory corruption
| [55631] Apache Archiva up to 1.3.1 User Account cross site request forgery
| [55556] Apache Tomcat up to 6.0.29 Default Configuration information disclosure
| [55553] Apache Tomcat up to 7.0.4 sessionsList.jsp cross site scripting
| [55162] Apache MyFaces up to 2.0.0 Authentication Code unknown vulnerability
| [54881] Apache Subversion up to 1.6.12 mod_dav_svn authz.c privilege escalation
| [54879] Apache APR-util up to 0.9.14 mod_reqtimeout apr_brigade_split_line denial of service
| [54693] Apache Traffic Server DNS Cache unknown vulnerability
| [54416] Apache CouchDB up to 0.11.0 cross site request forgery
| [54394] Apache CXF up to 2.2.8 Memory Consumption denial of service
| [54261] Apache Tomcat jsp/cal/cal2.jsp cross site scripting
| [54166] Apache HTTP Server up to 2.2.12 mod_cache Crash denial of service
| [54385] Apache Struts up to 2.1.8.1 ParameterInterceptor unknown vulnerability
| [54012] Apache Tomcat up to 6.0.10 denial of service
| [53763] Apache Axis2 1.3/1.4/1.4.1/1.5/1.5.1 Memory Consumption denial of service
| [53368] Apache MyFaces 1.1.7/1.2.8 cross site scripting
| [53397] Apache axis2 1.4.1/1.5.1 Administration Console cross site scripting
| [52894] Apache Tomcat up to 6.0.7 information disclosure
| [52960] Apache ActiveMQ up to 5.4-snapshot information disclosure
| [52843] Apache HTTP Server mod_auth_shadow unknown vulnerability
| [52786] Apache Open For Business Project up to 09.04 cross site scripting
| [52587] Apache ActiveMQ up to 5.3.0 cross site request forgery
| [52586] Apache ActiveMQ up to 5.3.0 cross site scripting
| [52584] Apache CouchDB up to 0.10.1 information disclosure
| [51757] Apache HTTP Server 2.0.44 cross site scripting
| [51756] Apache HTTP Server 2.0.44 spoofing
| [51717] Apache HTTP Server up to 1.3.3 mod_proxy ap_proxy_send_fb memory corruption
| [51690] Apache Tomcat up to 6.0 directory traversal
| [51689] Apache Tomcat up to 6.0 information disclosure
| [51688] Apache Tomcat up to 6.0 directory traversal
| [50886] HP Operations Manager 8.10 on Windows File Upload org.apache.catalina.manager.HTMLManagerServlet memory corruption
| [50802] Apache Tomcat up to 3.3 Default Password weak authentication
| [50626] Apache Solr 1.0.0 cross site scripting
| [49857] Apache HTTP Server mod_proxy_ftp cross site scripting
| [49856] Apache HTTP Server 2.2.13 mod_proxy_ftp ap_proxy_ftp_handler denial of service
| [49348] Apache Xerces-C++ 2.7.0 Stack-Based denial of service
| [86789] Apache Portable Runtime memory/unix/apr_pools.c unknown vulnerability
| [49283] Apache APR-util up to 1.3.8 apr-util misc/apr_rmm.c apr_rmm_realloc memory corruption
| [48952] Apache HTTP Server up to 1.3.6 mod_deflate denial of service
| [48626] Apache Tomcat up to 4.1.23 Access Restriction directory traversal
| [48431] Apache Tomcat up to 4.1.23 j_security_check cross site scripting
| [48430] Apache Tomcat up to 4.1.23 mod_jk denial of service
| [47801] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site request forgery
| [47800] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site scripting
| [47799] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console directory traversal
| [47648] Apache Tiles 2.1.0/2.1.1 cross site scripting
| [47640] Apache Struts 2.0.6/2.0.8/2.0.9/2.0.11/2.1 cross site scripting
| [47638] Apache Tomcat up to 4.1.23 mod_jk information disclosure
| [47636] Apache Struts 2.0.9 xip_client.html cross site scripting
9042| [47636] Apache Struts 2.0.9 xip_client.html cross site scripting
9043| [47593] Apache Mod Perl 1 perl-status Apache::Status cross site scripting
9044| [47637] Apache Struts 1.0.2/1.1/1.2.4/1.2.7/1.2.8 cross site scripting
9045| [47239] Apache Struts up to 2.1.2 Beta struts directory traversal
9046| [47214] Apachefriends xampp 1.6.8 spoofing
9047| [47213] Apachefriends xampp 1.6.8 htaccess cross site request forgery
9048| [47162] Apachefriends XAMPP 1.4.4 weak authentication
9049| [47065] Apache Tomcat 4.1.23 cross site scripting
9050| [46834] Apache Tomcat up to 5.5.20 cross site scripting
9051| [46004] Apache Jackrabbit 1.4/1.5.0 search.jsp cross site scripting
9052| [49205] Apache Roller 2.3/3.0/3.1/4.0 Search cross site scripting
9053| [86625] Apache Struts directory traversal
9054| [44461] Apache Tomcat up to 5.5.0 information disclosure
9055| [44389] Apache Xerces-C++ XML Parser Memory Consumption denial of service
9056| [44352] Apache Friends XAMPP 1.6.8 adodb.php cross site scripting
9057| [43663] Apache Tomcat up to 6.0.16 directory traversal
9058| [43612] Apache Friends XAMPP 1.6.7 iart.php cross site scripting
9059| [43556] Apache HTTP Server up to 2.1.8 mod_proxy_ftp proxy_ftp.c cross site scripting
9060| [43516] Apache Tomcat up to 4.1.20 directory traversal
9061| [43509] Apache Tomcat up to 6.0.13 cross site scripting
9062| [42637] Apache Tomcat up to 6.0.16 cross site scripting
9063| [42325] Apache HTTP Server up to 2.1.8 Error Page cross site scripting
9064| [41838] Apache-SSL 1.3.34 1.57 expandcert privilege escalation
9065| [41091] Apache Software Foundation Mod Jk up to 2.0.1 mod_jk2 Stack-based memory corruption
9066| [40924] Apache Tomcat up to 6.0.15 information disclosure
9067| [40923] Apache Tomcat up to 6.0.15 unknown vulnerability
9068| [40922] Apache Tomcat up to 6.0 information disclosure
9069| [40710] Apache HTTP Server up to 2.0.61 mod_negotiation cross site scripting
9070| [40709] Apache HTTP Server up to 2.0.53 mod_negotiation cross site scripting
9071| [40656] Apache Tomcat 5.5.20 information disclosure
9072| [40503] Apache HTTP Server mod_proxy_ftp cross site scripting
9073| [40502] Apache HTTP Server up to 2.2.5 mod_proxy_balancer memory corruption
9074| [40501] Apache HTTP Server 2.2.6 mod_proxy_balancer cross site request forgery
9075| [40398] Apache HTTP Server up to 2.2 mod_proxy_balancer cross site scripting
9076| [40397] Apache HTTP Server up to 2.2 mod_proxy_balancer balancer_handler denial of service
9077| [40234] Apache Tomcat up to 6.0.15 directory traversal
9078| [40221] Apache HTTP Server 2.2.6 information disclosure
9079| [40027] David Castro Apache Authcas 0.4 sql injection
9080| [3495] Apache OpenOffice up to 2.3 Database Document Processor unknown vulnerability
9081| [3489] Apache HTTP Server 2.x HTTP Header cross site scripting
9082| [3414] Apache Tomcat WebDAV Stored privilege escalation
9083| [39489] Apache Jakarta Slide up to 2.1 directory traversal
9084| [39540] Apache Geronimo 2.0/2.0.1/2.0.2/2.1 unknown vulnerability
9085| [3310] Apache OpenOffice 1.1.3/2.0.4/2.2.1 TIFF Image Parser Heap-based memory corruption
9086| [38768] Apache HTTP Server up to 2.1.7 mod_autoindex.c cross site scripting
9087| [38952] Apache Geronimo 2.0.1/2.1 unknown vulnerability
9088| [38658] Apache Tomcat 4.1.31 cal2.jsp cross site request forgery
9089| [38524] Apache Geronimo 2.0 unknown vulnerability
9090| [3256] Apache Tomcat up to 6.0.13 cross site scripting
9091| [38331] Apache Tomcat 4.1.24 information disclosure
9092| [38330] Apache Tomcat 4.1.24 information disclosure
9093| [38185] Apache Tomcat 3.3/3.3.1/3.3.1a/3.3.2 Error Message CookieExample cross site scripting
9094| [37967] Apache Tomcat up to 4.1.36 Error Message sendmail.jsp cross site scripting
9095| [37647] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 Authorization unknown vulnerability
9096| [37646] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 unknown vulnerability
9097| [3141] Apache Tomcat up to 4.1.31 Accept-Language Header cross site scripting
9098| [3133] Apache Tomcat up to 6.0 HTTP cross site scripting
9099| [37292] Apache Tomcat up to 5.5.1 cross site scripting
9100| [3130] Apache OpenOffice 2.2.1 RTF Document Heap-based memory corruption
9101| [36981] Apache Tomcat JK Web Server Connector up to 1.2.22 mod_jk directory traversal
9102| [36892] Apache Tomcat up to 4.0.0 hello.jsp cross site scripting
9103| [37320] Apache MyFaces Tomahawk up to 1.1.4 cross site scripting
9104| [36697] Apache Tomcat up to 5.5.17 implicit-objects.jsp cross site scripting
9105| [36491] Apache Axis 1.0 Installation javaioFileNotFoundException information disclosure
9106| [36400] Apache Tomcat 5.5.15 mod_jk cross site scripting
9107| [36698] Apache Tomcat up to 4.0.0 cal2.jsp cross site scripting
9108| [36224] XAMPP Apache Distribution up to 1.6.0a adodb.php connect memory corruption
9109| [36225] XAMPP Apache Distribution 1.6.0a sql injection
9110| [2997] Apache httpd/Tomcat 5.5/6.0 directory traversal
9111| [35896] Apache Apache Test up to 1.29 mod_perl denial of service
9112| [35653] Avaya S8300 Cm 3.1.2 Apache Tomcat unknown vulnerability
9113| [35402] Apache Tomcat JK Web Server Connector 1.2.19 mod_jk.so map_uri_to_worker memory corruption
9114| [35067] Apache Stats up to 0.0.2 extract unknown vulnerability
9115| [35025] Apache Stats up to 0.0.3 extract unknown vulnerability
9116| [34252] Apache HTTP Server denial of service
9117| [2795] Apache OpenOffice 2.0.4 WMF/EMF File Heap-based memory corruption
9118| [33877] Apache Opentaps 0.9.3 cross site scripting
9119| [33876] Apache Open For Business Project unknown vulnerability
9120| [33875] Apache Open For Business Project cross site scripting
9121| [2703] Apache Jakarta Tomcat up to 5.x der_get_oid memory corruption
9122| [2611] Apache HTTP Server up to 1.0.1 set_var Format String
9123|
9124| MITRE CVE - https://cve.mitre.org:
9125| [CVE-2013-4156] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted element in an OOXML document file.
9126| [CVE-2013-4131] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds read) via a certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision root.
9127| [CVE-2013-3239] phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTTP Server, as demonstrated by a .php.sql filename.
9128| [CVE-2013-3060] The web console in Apache ActiveMQ before 5.8.0 does not require authentication, which allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests.
9129| [CVE-2013-2765] The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted Content-Type header.
9130| [CVE-2013-2251] Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.
9131| [CVE-2013-2249] mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors.
9132| [CVE-2013-2248] Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter using the (1) redirect: or (2) redirectAction: prefix.
9133| [CVE-2013-2189] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via invalid PLCF data in a DOC document file.
9134| [CVE-2013-2135] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted value that contains both "${}" and "%{}" sequences, which causes the OGNL code to be evaluated twice.
9135| [CVE-2013-2134] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135.
9136| [CVE-2013-2115] Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. NOTE: this issue is due to an incomplete fix for CVE-2013-1966.
9137| [CVE-2013-2071] java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes.
9138| [CVE-2013-2067] java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack.
9139| [CVE-2013-1966] Apache Struts 2 before 2.3.14.1 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag.
9140| [CVE-2013-1965] Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.1, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect.
9141| [CVE-2013-1896] mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.
9142| [CVE-2013-1884] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (segmentation fault and crash) via a log REPORT request with an invalid limit, which triggers an access of an uninitialized variable.
9143| [CVE-2013-1879] Cross-site scripting (XSS) vulnerability in scheduled.jsp in Apache ActiveMQ 5.8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving the "cron of a message."
9144| [CVE-2013-1862] mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.
9145| [CVE-2013-1849] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a PROPFIND request for an activity URL.
9146| [CVE-2013-1847] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an anonymous LOCK for a URL that does not exist.
9147| [CVE-2013-1846] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL.
9148| [CVE-2013-1845] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting or (2) deleting a large number of properties for a file or directory.
9149| [CVE-2013-1814] The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain sensitive information about all user accounts via the offset parameter, as demonstrated by discovering password hashes in the password field of a response.
9150| [CVE-2013-1777] The JMX Remoting functionality in Apache Geronimo 3.x before 3.0.1, as used in IBM WebSphere Application Server (WAS) Community Edition 3.0.0.3 and other products, does not property implement the RMI classloader, which allows remote attackers to execute arbitrary code by using the JMX connector to send a crafted serialized object.
9151| [CVE-2013-1768] The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and 2.x before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute arbitrary code by creating a serialized object and leveraging improperly secured server programs.
9152| [CVE-2013-1088] Cross-site request forgery (CSRF) vulnerability in Novell iManager 2.7 before SP6 Patch 1 allows remote attackers to hijack the authentication of arbitrary users by leveraging improper request validation by iManager code deployed within an Apache Tomcat container.
9153| [CVE-2013-1048] The Debian apache2ctl script in the apache2 package squeeze before 2.2.16-6+squeeze11, wheezy before 2.2.22-13, and sid before 2.2.22-13 for the Apache HTTP Server on Debian GNU/Linux does not properly create the /var/lock/apache2 lock directory, which allows local users to gain privileges via an unspecified symlink attack.
9154| [CVE-2013-0966] The Apple mod_hfs_apple module for the Apache HTTP Server in Apple Mac OS X before 10.8.3 does not properly handle ignorable Unicode characters, which allows remote attackers to bypass intended directory authentication requirements via a crafted pathname in a URI.
9155| [CVE-2013-0942] Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Agent 7.1 before 7.1.1 for Web for Internet Information Services, and 7.1 before 7.1.1 for Web for Apache, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
9156| [CVE-2013-0941] EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Windows use an improper encryption algorithm and a weak key for maintaining the stored data of the node secret for the SecurID Authentication API, which allows local users to obtain sensitive information via cryptographic attacks on this data.
9157| [CVE-2013-0253] The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.
9158| [CVE-2013-0248] The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack.
9159| [CVE-2013-0239] Apache CXF before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3, when the plaintext UsernameToken WS-SecurityPolicy is enabled, allows remote attackers to bypass authentication via a security header of a SOAP request containing a UsernameToken element that lacks a password child element.
9160| [CVE-2012-6573] Cross-site scripting (XSS) vulnerability in the Apache Solr Autocomplete module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving autocomplete results.
9161| [CVE-2012-6551] The default configuration of Apache ActiveMQ before 5.8.0 enables a sample web application, which allows remote attackers to cause a denial of service (broker resource consumption) via HTTP requests.
9162| [CVE-2012-6092] Multiple cross-site scripting (XSS) vulnerabilities in the web demos in Apache ActiveMQ before 5.8.0 allow remote attackers to inject arbitrary web script or HTML via (1) the refresh parameter to PortfolioPublishServlet.java (aka demo/portfolioPublish or Market Data Publisher), or vectors involving (2) debug logs or (3) subscribe messages in webapp/websocket/chat.js. NOTE: AMQ-4124 is covered by CVE-2012-6551.
9163| [CVE-2012-5887] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.
9164| [CVE-2012-5886] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID.
9165| [CVE-2012-5885] The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184.
9166| [CVE-2012-5786] The wsdl_first_https sample code in distribution/src/main/release/samples/wsdl_first_https/src/main/ in Apache CXF, possibly 2.6.0, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
9167| [CVE-2012-5785] Apache Axis2/Java 1.6.2 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
9168| [CVE-2012-5784] Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
9169| [CVE-2012-5783] Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
9170| [CVE-2012-5633] The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request.
9171| [CVE-2012-5616] Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain (1) the SSH private key as recorded by the createSSHKeyPair API, (2) the password of an added host as recorded by the AddHost API, or the password of an added VM as recorded by the (3) DeployVM or (4) ResetPasswordForVM API.
9172| [CVE-2012-5568] Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.
9173| [CVE-2012-5351] Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability than CVE-2012-4418.
9174| [CVE-2012-4558] Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string.
9175| [CVE-2012-4557] The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to cause a denial of service (worker consumption) via an expensive request.
9176| [CVE-2012-4556] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 allows remote attackers to cause a denial of service (Apache httpd web server child process restart) via certain unspecified empty search fields in a user certificate search query.
9177| [CVE-2012-4555] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 does not properly handle interruptions of token format operations, which allows remote attackers to cause a denial of service (NULL pointer dereference and Apache httpd web server child process crash) via unspecified vectors.
9178| [CVE-2012-4534] org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response.
9179| [CVE-2012-4528] The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data.
9180| [CVE-2012-4501] Citrix Cloud.com CloudStack, and Apache CloudStack pre-release, allows remote attackers to make arbitrary API calls by leveraging the system user account, as demonstrated by API calls to delete VMs.
9181| [CVE-2012-4460] The serializing/deserializing functions in the qpid::framing::Buffer class in Apache Qpid 0.20 and earlier allow remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors. NOTE: this issue could also trigger an out-of-bounds read, but it might not trigger a crash.
9182| [CVE-2012-4459] Integer overflow in the qpid::framing::Buffer::checkAvailable function in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (crash) via a crafted message, which triggers an out-of-bounds read.
9183| [CVE-2012-4458] The AMQP type decoder in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (memory consumption and server crash) via a large number of zero width elements in the client-properties map in a connection.start-ok message.
9184| [CVE-2012-4446] The default configuration for Apache Qpid 0.20 and earlier, when the federation_tag attribute is enabled, accepts AMQP connections without checking the source user ID, which allows remote attackers to bypass authentication and have other unspecified impact via an AMQP request.
9185| [CVE-2012-4431] org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier.
9186| [CVE-2012-4418] Apache Axis2 allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."
9187| [CVE-2012-4387] Apache Struts 2.0.0 through 2.3.4 allows remote attackers to cause a denial of service (CPU consumption) via a long parameter name, which is processed as an OGNL expression.
9188| [CVE-2012-4386] The token check mechanism in Apache Struts 2.0.0 through 2.3.4 does not properly validate the token name configuration parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks by setting the token name configuration parameter to a session attribute.
9189| [CVE-2012-4360] Cross-site scripting (XSS) vulnerability in the mod_pagespeed module 0.10.19.1 through 0.10.22.4 for the Apache HTTP Server allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
9190| [CVE-2012-4063] The Apache Santuario configuration in Eucalyptus before 3.1.1 does not properly restrict applying XML Signature transforms to documents, which allows remote attackers to cause a denial of service via unspecified vectors.
9191| [CVE-2012-4001] The mod_pagespeed module before 0.10.22.6 for the Apache HTTP Server does not properly verify its host name, which allows remote attackers to trigger HTTP requests to arbitrary hosts via unspecified vectors, as demonstrated by requests to intranet servers.
9192| [CVE-2012-3908] Multiple cross-site request forgery (CSRF) vulnerabilities in the ISE Administrator user interface (aka the Apache Tomcat interface) on Cisco Identity Services Engine (ISE) 3300 series appliances before 1.1.0.665 Cumulative Patch 1 allow remote attackers to hijack the authentication of administrators, aka Bug ID CSCty46684.
9193| [CVE-2012-3546] org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.
9194| [CVE-2012-3544] Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.
9195| [CVE-2012-3526] The reverse proxy add forward module (mod_rpaf) 0.5 and 0.6 for the Apache HTTP Server allows remote attackers to cause a denial of service (server or application crash) via multiple X-Forwarded-For headers in a request.
9196| [CVE-2012-3513] munin-cgi-graph in Munin before 2.0.6, when running as a CGI module under Apache, allows remote attackers to load new configurations and create files in arbitrary directories via the logdir command.
9197| [CVE-2012-3506] Unspecified vulnerability in the Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.03 has unknown impact and attack vectors.
9198| [CVE-2012-3502] The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp module and (2) mod_proxy_http.c in the mod_proxy_http module in the Apache HTTP Server 2.4.x before 2.4.3 does not properly determine the situations that require closing a back-end connection, which allows remote attackers to obtain sensitive information in opportunistic circumstances by reading a response that was intended for a different client.
9199| [CVE-2012-3499] Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules.
9200| [CVE-2012-3467] Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism to authenticate catch-up shadow connections to AMQP brokers, which allows remote attackers to bypass authentication.
9201| [CVE-2012-3451] Apache CXF before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to execute unintended web-service operations by sending a header with a SOAP Action String that is inconsistent with the message body.
9202| [CVE-2012-3446] Apache Libcloud before 0.11.1 uses an incorrect regular expression during verification of whether the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate.
9203| [CVE-2012-3376] DataNodes in Apache Hadoop 2.0.0 alpha does not check the BlockTokens of clients when Kerberos is enabled and the DataNode has checked out the same BlockPool twice from a NodeName, which might allow remote clients to read arbitrary blocks, write to blocks to which they only have read access, and have other unspecified impacts.
9204| [CVE-2012-3373] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.21 and 1.5.x before 1.5.8 allows remote attackers to inject arbitrary web script or HTML via vectors involving a %00 sequence in an Ajax link URL associated with a Wicket app.
9205| [CVE-2012-3126] Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Products Suite 3.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Apache Tomcat Agent.
9206| [CVE-2012-3123] Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect confidentiality, related to Apache HTTP Server.
9207| [CVE-2012-2760] mod_auth_openid before 0.7 for Apache uses world-readable permissions for /tmp/mod_auth_openid.db, which allows local users to obtain session ids.
9208| [CVE-2012-2733] java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data.
9209| [CVE-2012-2687] Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list.
9210| [CVE-2012-2381] Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the blogger role.
9211| [CVE-2012-2380] Multiple cross-site request forgery (CSRF) vulnerabilities in the admin/editor console in Apache Roller before 5.0.1 allow remote attackers to hijack the authentication of admins or editors by leveraging the HTTP POST functionality.
9212| [CVE-2012-2379] Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors.
9213| [CVE-2012-2378] Apache CXF 2.4.5 through 2.4.7, 2.5.1 through 2.5.3, and 2.6.x before 2.6.1, does not properly enforce child policies of a WS-SecurityPolicy 1.1 SupportingToken policy on the client side, which allows remote attackers to bypass the (1) AlgorithmSuite, (2) SignedParts, (3) SignedElements, (4) EncryptedParts, and (5) EncryptedElements policies.
9214| [CVE-2012-2329] Buffer overflow in the apache_request_headers function in sapi/cgi/cgi_main.c in PHP 5.4.x before 5.4.3 allows remote attackers to cause a denial of service (application crash) via a long string in the header of an HTTP request.
9215| [CVE-2012-2145] Apache Qpid 0.17 and earlier does not properly restrict incoming client connections, which allows remote attackers to cause a denial of service (file descriptor consumption) via a large number of incomplete connections.
9216| [CVE-2012-2138] The @CopyFrom operation in the POST servlet in the org.apache.sling.servlets.post bundle before 2.1.2 in Apache Sling does not prevent attempts to copy an ancestor node to a descendant node, which allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP request.
9217| [CVE-2012-2098] Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs.
9218| [CVE-2012-1574] The Kerberos/MapReduce security functionality in Apache Hadoop 0.20.203.0 through 0.20.205.0, 0.23.x before 0.23.2, and 1.0.x before 1.0.2, as used in Cloudera CDH CDH3u0 through CDH3u2, Cloudera hadoop-0.20-sbin before 0.20.2+923.197, and other products, allows remote authenticated users to impersonate arbitrary cluster user accounts via unspecified vectors.
9219| [CVE-2012-1181] fcgid_spawn_ctl.c in the mod_fcgid module 2.3.6 for the Apache HTTP Server does not recognize the FcgidMaxProcessesPerClass directive for a virtual host, which makes it easier for remote attackers to cause a denial of service (memory consumption) via a series of HTTP requests that triggers a process count higher than the intended limit.
9220| [CVE-2012-1089] Directory traversal vulnerability in Apache Wicket 1.4.x before 1.4.20 and 1.5.x before 1.5.5 allows remote attackers to read arbitrary web-application files via a relative pathname in a URL for a Wicket resource that corresponds to a null package.
9221| [CVE-2012-1007] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 1.3.10 allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter to struts-examples/upload/upload-submit.do, or the message parameter to (2) struts-cookbook/processSimple.do or (3) struts-cookbook/processDyna.do.
9222| [CVE-2012-1006] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.14 and 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) lastName parameter to struts2-showcase/person/editPerson.action, or the (3) clientName parameter to struts2-rest-showcase/orders.
9223| [CVE-2012-0883] envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.
9224| [CVE-2012-0840] tables/apr_hash.c in the Apache Portable Runtime (APR) library through 1.4.5 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
9225| [CVE-2012-0838] Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows remote attackers to modify run-time data values, and consequently execute arbitrary code, via invalid input to a field.
9226| [CVE-2012-0788] The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server.
9227| [CVE-2012-0394] ** DISPUTED ** The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself."
9228| [CVE-2012-0393] The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted parameter that triggers the creation of a Java object.
9229| [CVE-2012-0392] The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method.
9230| [CVE-2012-0391] The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter.
9231| [CVE-2012-0256] Apache Traffic Server 2.0.x and 3.0.x before 3.0.4 and 3.1.x before 3.1.3 does not properly allocate heap memory, which allows remote attackers to cause a denial of service (daemon crash) via a long HTTP Host header.
9232| [CVE-2012-0216] The default configuration of the apache2 package in Debian GNU/Linux squeeze before 2.2.16-6+squeeze7, wheezy before 2.2.22-4, and sid before 2.2.22-4, when mod_php or mod_rivet is used, provides example scripts under the doc/ URI, which might allow local users to conduct cross-site scripting (XSS) attacks, gain privileges, or obtain sensitive information via vectors involving localhost HTTP requests to the Apache HTTP Server.
9233| [CVE-2012-0213] The UnhandledDataStructure function in hwpf/model/UnhandledDataStructure.java in Apache POI 3.8 and earlier allows remote attackers to cause a denial of service (OutOfMemoryError exception and possibly JVM destabilization) via a crafted length value in a Channel Definition Format (CDF) or Compound File Binary Format (CFBF) document.
9234| [CVE-2012-0053] protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.
9235| [CVE-2012-0047] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the wicket:pageMapName parameter.
9236| [CVE-2012-0031] scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function.
9237| [CVE-2012-0022] Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.
9238| [CVE-2012-0021] The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a name and a value.
9239| [CVE-2011-5064] DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184.
9240| [CVE-2011-5063] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184.
9241| [CVE-2011-5062] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability than CVE-2011-1184.
9242| [CVE-2011-5057] Apache Struts 2.3.1.1 and earlier provides interfaces that do not properly restrict access to collections such as the session and request collections, which might allow remote attackers to modify run-time data values via a crafted parameter to an application that implements an affected interface, as demonstrated by the SessionAware, RequestAware, ApplicationAware, ServletRequestAware, ServletResponseAware, and ParameterAware interfaces. NOTE: the vendor disputes the significance of this report because of an "easy work-around in existing apps by configuring the interceptor."
9243| [CVE-2011-5034] Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. NOTE: this might overlap CVE-2011-4461.
9244| [CVE-2011-4905] Apache ActiveMQ before 5.6.0 allows remote attackers to cause a denial of service (file-descriptor exhaustion and broker crash or hang) by sending many openwire failover:tcp:// connection requests.
9245| [CVE-2011-4858] Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
9246| [CVE-2011-4668] IBM Tivoli Netcool/Reporter 2.2 before 2.2.0.8 allows remote attackers to execute arbitrary code via vectors related to an unspecified CGI program used with the Apache HTTP Server.
9247| [CVE-2011-4449] actions/files/files.php in WikkaWiki 1.3.1 and 1.3.2, when INTRANET_MODE is enabled, supports file uploads for file extensions that are typically absent from an Apache HTTP Server TypesConfig file, which makes it easier for remote attackers to execute arbitrary PHP code by placing this code in a file whose name has multiple extensions, as demonstrated by a (1) .mm or (2) .vpp file.
9248| [CVE-2011-4415] The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service (memory consumption or NULL pointer dereference) via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, related to (1) the "len +=" statement and (2) the apr_pcalloc function call, a different vulnerability than CVE-2011-3607.
9249| [CVE-2011-4317] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an @ (at sign) character and a : (colon) character in invalid positions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
9250| [CVE-2011-3639] The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers by using the HTTP/0.9 protocol with a malformed URI containing an initial @ (at sign) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
9251| [CVE-2011-3620] Apache Qpid 0.12 does not properly verify credentials during the joining of a cluster, which allows remote attackers to obtain access to the messaging functionality and job functionality of a cluster by leveraging knowledge of a cluster-username.
9252| [CVE-2011-3607] Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow.
9253| [CVE-2011-3376] org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to access the Manager application's functionality.
9254| [CVE-2011-3375] Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address and HTTP header information in opportunistic circumstances by reading TCP data.
9255| [CVE-2011-3368] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.
9256| [CVE-2011-3348] The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error state" in the backend server) via a malformed HTTP request.
9257| [CVE-2011-3192] The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.
9258| [CVE-2011-3190] Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.
9259| [CVE-2011-2729] native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.
9260| [CVE-2011-2712] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.18, when setAutomaticMultiWindowSupport is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
9261| [CVE-2011-2688] SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_external module 3.2.5 and earlier for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the user field.
9262| [CVE-2011-2526] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application.
9263| [CVE-2011-2516] Off-by-one error in the XML signature feature in Apache XML Security for C++ 1.6.0, as used in Shibboleth before 2.4.3 and possibly other products, allows remote attackers to cause a denial of service (crash) via a signature using a large RSA key, which triggers a buffer overflow.
9264| [CVE-2011-2481] Apache Tomcat 7.0.x before 7.0.17 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. NOTE: this vulnerability exists because of a CVE-2009-0783 regression.
9265| [CVE-2011-2329] The rampart_timestamp_token_validate function in util/rampart_timestamp_token.c in Apache Rampart/C 1.3.0 does not properly calculate the expiration of timestamp tokens, which allows remote attackers to bypass intended access restrictions by leveraging an expired token, a different vulnerability than CVE-2011-0730.
9266| [CVE-2011-2204] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file.
9267| [CVE-2011-2088] XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method, a different vulnerability than CVE-2011-1772.3.
9268| [CVE-2011-2087] Multiple cross-site scripting (XSS) vulnerabilities in component handlers in the javatemplates (aka Java Templates) plugin in Apache Struts 2.x before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via an arbitrary parameter value to a .action URI, related to improper handling of value attributes in (1) FileHandler.java, (2) HiddenHandler.java, (3) PasswordHandler.java, (4) RadioHandler.java, (5) ResetHandler.java, (6) SelectHandler.java, (7) SubmitHandler.java, and (8) TextFieldHandler.java.
9269| [CVE-2011-1928] The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infinite loop) via a URI that does not match unspecified types of wildcard patterns, as demonstrated by attacks against mod_autoindex in httpd when a /*/WEB-INF/ configuration pattern is used. NOTE: this issue exists because of an incorrect fix for CVE-2011-0419.
9270| [CVE-2011-1921] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to obtain sensitive information via a replay REPORT operation.
9271| [CVE-2011-1783] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data.
9272| [CVE-2011-1772] Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) an action name, (2) the action attribute of an s:submit element, or (3) the method attribute of an s:submit element.
9273| [CVE-2011-1752] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011.
9274| [CVE-2011-1610] Multiple SQL injection vulnerabilities in xmldirectorylist.jsp in the embedded Apache HTTP Server component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5)su4, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1)su1 allow remote attackers to execute arbitrary SQL commands via the (1) f, (2) l, or (3) n parameter, aka Bug ID CSCtj42064.
9275| [CVE-2011-1582] Apache Tomcat 7.0.12 and 7.0.13 processes the first request to a servlet without following security constraints that have been configured through annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088, CVE-2011-1183, and CVE-2011-1419.
9276| [CVE-2011-1571] Unspecified vulnerability in the XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote attackers to execute arbitrary commands via unknown vectors.
9277| [CVE-2011-1570] Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to inject arbitrary web script or HTML via a message title, a different vulnerability than CVE-2004-2030.
9278| [CVE-2011-1503] The XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat or Oracle GlassFish is used, allows remote authenticated users to read arbitrary (1) XSL and (2) XML files via a file:/// URL.
9279| [CVE-2011-1502] Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to read arbitrary files via an entity declaration in conjunction with an entity reference, related to an XML External Entity (aka XXE) issue.
9280| [CVE-2011-1498] Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header.
9281| [CVE-2011-1475] The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to "a mix-up of responses for requests from different users."
9282| [CVE-2011-1419] Apache Tomcat 7.x before 7.0.11, when web.xml has no security constraints, does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088.
9283| [CVE-2011-1318] Memory leak in org.apache.jasper.runtime.JspWriterImpl.response in the JavaServer Pages (JSP) component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) by accessing a JSP page of an application that is repeatedly stopped and restarted.
9284| [CVE-2011-1184] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values.
9285| [CVE-2011-1183] Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1088 and CVE-2011-1419.
9286| [CVE-2011-1176] The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileges by leveraging the root uid and root gid of an mpm-itk process.
9287| [CVE-2011-1088] Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application.
9288| [CVE-2011-1077] Multiple cross-site scripting (XSS) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
9289| [CVE-2011-1026] Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to hijack the authentication of administrators.
9290| [CVE-2011-0715] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request that contains a lock token.
9291| [CVE-2011-0534] Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request.
9292| [CVE-2011-0533] Cross-site scripting (XSS) vulnerability in Apache Continuum 1.1 through 1.2.3.1, 1.3.6, and 1.4.0 Beta
9293| [CVE-2011-0419] Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.
9294| [CVE-2011-0013] Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.
9295| [CVE-2010-4644] Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command.
9296| [CVE-2010-4539] The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger the walking of SVNParentPath collections.
| [CVE-2010-4476] The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
| [CVE-2010-4455] Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.2 and 11.1.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Apache Plugin.
| [CVE-2010-4408] Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1 does not require entry of the administrator's password at the time of modifying a user account, which makes it easier for context-dependent attackers to gain privileges by leveraging a (1) unattended workstation or (2) cross-site request forgery (CSRF) vulnerability, a related issue to CVE-2010-3449.
| [CVE-2010-4312] The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie.
| [CVE-2010-4172] Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3) sessionDetail.jsp or (4) java/org/apache/catalina/manager/JspHelper.java, related to use of untrusted web applications.
| [CVE-2010-3872] The fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.6 for the Apache HTTP Server does not use bytewise pointer arithmetic in certain circumstances, which has unspecified impact and attack vectors related to "untrusted FastCGI applications" and a "stack buffer overwrite."
| [CVE-2010-3863] Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not canonicalize URI paths before comparing them to entries in the shiro.ini file, which allows remote attackers to bypass intended access restrictions via a crafted request, as demonstrated by the /./account/index.jsp URI.
| [CVE-2010-3854] Multiple cross-site scripting (XSS) vulnerabilities in the web administration interface (aka Futon) in Apache CouchDB 0.8.0 through 1.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2010-3718] Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.
| [CVE-2010-3449] Cross-site request forgery (CSRF) vulnerability in Redback before 1.2.4, as used in Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1
| [CVE-2010-3315] authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands.
| [CVE-2010-3083] sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat Enterprise MRG before 1.2.2 and other products, when SSL is enabled, allows remote attackers to cause a denial of service (daemon outage) by connecting to the SSL port but not participating in an SSL handshake.
| [CVE-2010-2952] Apache Traffic Server before 2.0.1, and 2.1.x before 2.1.2-unstable, does not properly choose DNS source ports and transaction IDs, and does not properly use DNS query fields to validate responses, which makes it easier for man-in-the-middle attackers to poison the internal DNS cache via a crafted response.
| [CVE-2010-2791] mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. NOTE: this is the same issue as CVE-2010-2068, but for a different OS and set of affected versions.
| [CVE-2010-2375] Package/Privilege: Plugins for Apache, Sun and IIS web servers Unspecified vulnerability in the WebLogic Server component in Oracle Fusion Middleware 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality and integrity, related to IIS.
| [CVE-2010-2234] Cross-site request forgery (CSRF) vulnerability in Apache CouchDB 0.8.0 through 0.11.0 allows remote attackers to hijack the authentication of administrators for direct requests to an installation URL.
| [CVE-2010-2227] Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with "recycling of a buffer."
| [CVE-2010-2103] Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the modules parameter. NOTE: some of these details are obtained from third party information.
| [CVE-2010-2086] Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object.
| [CVE-2010-2076] Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Chemistry, Apache jUDDI, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to samples/wsdl_first_pure_xml, a similar issue to CVE-2010-1632.
| [CVE-2010-2068] mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request.
| [CVE-2010-2057] shared/util/StateUtils.java in Apache MyFaces 1.1.x before 1.1.8, 1.2.x before 1.2.9, and 2.0.x before 2.0.1 uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack.
| [CVE-2010-1632] Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to the Synapse SimpleStockQuoteService.
| [CVE-2010-1623] Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket.
| [CVE-2010-1587] The Jetty ResourceHandler in Apache ActiveMQ 5.x before 5.3.2 and 5.4.x before 5.4.0 allows remote attackers to read JSP source code via a // (slash slash) initial substring in a URI for (1) admin/index.jsp, (2) admin/queues.jsp, or (3) admin/topics.jsp.
| [CVE-2010-1452] The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path.
| [CVE-2010-1325] Cross-site request forgery (CSRF) vulnerability in the apache2-slms package in SUSE Lifecycle Management Server (SLMS) 1.0 on SUSE Linux Enterprise (SLE) 11 allows remote attackers to hijack the authentication of unspecified victims via vectors related to improper parameter quoting. NOTE: some sources report that this is a vulnerability in a product named "Apache SLMS," but that is incorrect.
| [CVE-2010-1244] Cross-site request forgery (CSRF) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote attackers to hijack the authentication of unspecified victims for requests that create queues via the JMSDestination parameter in a queue action.
| [CVE-2010-1157] Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply.
| [CVE-2010-1151] Race condition in the mod_auth_shadow module for the Apache HTTP Server allows remote attackers to bypass authentication, and read and possibly modify data, via vectors related to improper interaction with an external helper application for validation of credentials.
| [CVE-2010-0684] Cross-site scripting (XSS) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote authenticated users to inject arbitrary web script or HTML via the JMSDestination parameter in a queue action.
| [CVE-2010-0434] The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request.
| [CVE-2010-0432] Multiple cross-site scripting (XSS) vulnerabilities in the Apache Open For Business Project (aka OFBiz) 09.04 and earlier, as used in Opentaps, Neogia, and Entente Oya, allow remote attackers to inject arbitrary web script or HTML via (1) the productStoreId parameter to control/exportProductListing, (2) the partyId parameter to partymgr/control/viewprofile (aka partymgr/control/login), (3) the start parameter to myportal/control/showPortalPage, (4) an invalid URI beginning with /facility/control/ReceiveReturn (aka /crmsfa/control/ReceiveReturn or /cms/control/ReceiveReturn), (5) the contentId parameter (aka the entityName variable) to ecommerce/control/ViewBlogArticle, (6) the entityName parameter to webtools/control/FindGeneric, or the (7) subject or (8) content parameter to an unspecified component under ecommerce/control/contactus.
| [CVE-2010-0425] modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and "orphaned callback pointers."
| [CVE-2010-0408] The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code.
| [CVE-2010-0390] Unrestricted file upload vulnerability in maxImageUpload/index.php in PHP F1 Max's Image Uploader 1.0, when Apache is not configured to handle the mime-type for files with pjpeg or jpeg extensions, allows remote attackers to execute arbitrary code by uploading a file with a pjpeg or jpeg extension, then accessing it via a direct request to the file in original/. NOTE: some of these details are obtained from third party information.
| [CVE-2010-0219] Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service.
| [CVE-2010-0010] Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util.c in mod_proxy in the Apache HTTP Server before 1.3.42 on 64-bit platforms allows remote origin servers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a large chunk size that triggers a heap-based buffer overflow.
| [CVE-2010-0009] Apache CouchDB 0.8.0 through 0.10.1 allows remote attackers to obtain sensitive information by measuring the completion time of operations that verify (1) hashes or (2) passwords.
| [CVE-2009-5120] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 allows connections to TCP port 1812 from arbitrary source IP addresses, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via UTF-7 text to the 404 error page of a Project Woodstock service on this port.
| [CVE-2009-5119] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 enables weak SSL ciphers in conf/server.xml, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and then conducting a brute-force attack against encrypted session data.
| [CVE-2009-5006] The SessionAdapter::ExchangeHandlerImpl::checkAlternate function in broker/SessionAdapter.cpp in the C++ Broker component in Apache Qpid before 0.6, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote authenticated users to cause a denial of service (NULL pointer dereference, daemon crash, and cluster outage) by attempting to modify the alternate of an exchange.
| [CVE-2009-5005] The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache Qpid, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote attackers to cause a denial of service (daemon crash and cluster outage) via invalid AMQP data.
| [CVE-2009-4355] Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678.
| [CVE-2009-4269] The password hash generation algorithm in the BUILTIN authentication functionality for Apache Derby before 10.6.1.0 performs a transformation that reduces the size of the set of inputs to SHA-1, which produces a small search space that makes it easier for local and possibly remote attackers to crack passwords by generating hash collisions, related to password substitution.
| [CVE-2009-3923] The VirtualBox 2.0.8 and 2.0.10 web service in Sun Virtual Desktop Infrastructure (VDI) 3.0 does not require authentication, which allows remote attackers to obtain unspecified access via vectors involving requests to an Apache HTTP Server.
| [CVE-2009-3890] Unrestricted file upload vulnerability in the wp_check_filetype function in wp-includes/functions.php in WordPress before 2.8.6, when a certain configuration of the mod_mime module in the Apache HTTP Server is enabled, allows remote authenticated users to execute arbitrary code by posting an attachment with a multiple-extension filename, and then accessing this attachment via a direct request to a wp-content/uploads/ pathname, as demonstrated by a .php.jpg filename.
| [CVE-2009-3843] HP Operations Manager 8.10 on Windows contains a "hidden account" in the XML file that specifies Tomcat users, which allows remote attackers to conduct unrestricted file upload attacks, and thereby execute arbitrary code, by using the org.apache.catalina.manager.HTMLManagerServlet class to make requests to manager/html/upload.
| [CVE-2009-3821] Cross-site scripting (XSS) vulnerability in the Apache Solr Search (solr) extension 1.0.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2009-3555] The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
| [CVE-2009-3548] The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.
| [CVE-2009-3250] The saveForwardAttachments procedure in the Compose Mail functionality in vtiger CRM 5.0.4 allows remote authenticated users to execute arbitrary code by composing an e-mail message with an attachment filename ending in (1) .php in installations based on certain Apache HTTP Server configurations, (2) .php. on Windows, or (3) .php/ on Linux, and then making a direct request to a certain pathname under storage/.
| [CVE-2009-3095] The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.
| [CVE-2009-3094] The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.
| [CVE-2009-2902] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.
| [CVE-2009-2901] The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests.
| [CVE-2009-2823] The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the HTTP TRACE method, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified web client software.
| [CVE-2009-2699] The Solaris pollset feature in the Event Port backend in poll/unix/port.c in the Apache Portable Runtime (APR) library before 1.3.9, as used in the Apache HTTP Server before 2.2.14 and other products, does not properly handle errors, which allows remote attackers to cause a denial of service (daemon hang) via unspecified HTTP requests, related to the prefork and event MPMs.
| [CVE-2009-2696] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Linux Desktop 5 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML." NOTE: this is due to a missing fix for CVE-2009-0781.
| [CVE-2009-2693] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry.
| [CVE-2009-2625] XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.
| [CVE-2009-2412] Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR
| [CVE-2009-2299] The Artofdefence Hyperguard Web Application Firewall (WAF) module before 2.5.5-11635, 3.0 before 3.0.3-11636, and 3.1 before 3.1.1-11637, a module for the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via an HTTP request with a large Content-Length value but no POST data.
| [CVE-2009-1956] Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.
| [CVE-2009-1955] The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.
| [CVE-2009-1903] The PDF XSS protection feature in ModSecurity before 2.5.8 allows remote attackers to cause a denial of service (Apache httpd crash) via a request for a PDF file that does not use the GET method.
| [CVE-2009-1891] The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).
| [CVE-2009-1890] The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests.
| [CVE-2009-1885] Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service (application crash) via vectors involving nested parentheses and invalid byte values in "simply nested DTD structures," as demonstrated by the Codenomicon XML fuzzing framework.
| [CVE-2009-1462] The Security Manager in razorCMS before 0.4 does not verify the permissions of every file owned by the apache user account, which is inconsistent with the documentation and allows local users to have an unspecified impact.
| [CVE-2009-1275] Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other products, evaluates Expression Language (EL) expressions twice in certain circumstances, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via unspecified vectors, related to the (1) tiles:putAttribute and (2) tiles:insertTemplate JSP tags.
| [CVE-2009-1195] The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file.
| [CVE-2009-1191] mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request.
| [CVE-2009-1012] Unspecified vulnerability in the plug-ins for Apache and IIS web servers in Oracle BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP3, 10.0 Gold through MP1, and 10.3 allows remote attackers to affect confidentiality, integrity, and availability. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in an unspecified plug-in that parses HTTP requests, which leads to a heap-based buffer overflow.
| [CVE-2009-0918] Multiple unspecified vulnerabilities in DFLabs PTK 1.0.0 through 1.0.4 allow remote attackers to execute arbitrary commands in processes launched by PTK's Apache HTTP Server via (1) "external tools" or (2) a crafted forensic image.
| [CVE-2009-0796] Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI.
| [CVE-2009-0783] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.
| [CVE-2009-0781] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML."
| [CVE-2009-0754] PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server.
| [CVE-2009-0580] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.
| [CVE-2009-0486] Bugzilla 3.2.1, 3.0.7, and 3.3.2, when running under mod_perl, calls the srand function at startup time, which causes Apache children to have the same seed and produce insufficiently random numbers for random tokens, which allows remote attackers to bypass cross-site request forgery (CSRF) protection mechanisms and conduct unauthorized activities as other users.
| [CVE-2009-0039] Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to hijack the authentication of administrators for requests that (1) change the web administration password, (2) upload applications, and perform unspecified other administrative actions, as demonstrated by (3) a Shutdown request to console/portal//Server/Shutdown.
| [CVE-2009-0038] Multiple cross-site scripting (XSS) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) ip, (3) username, or (4) description parameter to console/portal/Server/Monitoring
| [CVE-2009-0033] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.
| [CVE-2009-0026] Multiple cross-site scripting (XSS) vulnerabilities in Apache Jackrabbit before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the q parameter to (1) search.jsp or (2) swr.jsp.
| [CVE-2009-0023] The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.
| [CVE-2008-6879] Cross-site scripting (XSS) vulnerability in Apache Roller 2.3, 3.0, 3.1, and 4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search action.
| [CVE-2008-6755] ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to the apache user account, and sets the permissions to 0600, which makes it easier for remote attackers to modify this file by accessing it through a (1) PHP or (2) CGI script.
| [CVE-2008-6722] Novell Access Manager 3 SP4 does not properly expire X.509 certificate sessions, which allows physically proximate attackers to obtain a logged-in session by using a victim's web-browser process that continues to send the original and valid SSL sessionID, related to inability of Apache Tomcat to clear entries from its SSL cache.
| [CVE-2008-6682] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.x before 2.0.11.1 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via vectors associated with improper handling of (1) " (double quote) characters in the href attribute of an s:a tag and (2) parameters in the action attribute of an s:url tag.
9387| [CVE-2008-6505] Multiple directory traversal vulnerabilities in Apache Struts 2.0.x before 2.0.12 and 2.1.x before 2.1.3 allow remote attackers to read arbitrary files via a ..%252f (encoded dot dot slash) in a URI with a /struts/ path, related to (1) FilterDispatcher in 2.0.x and (2) DefaultStaticContentLoader in 2.1.x.
| [CVE-2008-6504] ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict # (pound sign) references to context objects, which allows remote attackers to execute Object-Graph Navigation Language (OGNL) statements and modify server-side context objects, as demonstrated by use of a \u0023 representation for the # character.
| [CVE-2008-5696] Novell NetWare 6.5 before Support Pack 8, when an OES2 Linux server is installed into the NDS tree, does not require a password for the ApacheAdmin console, which allows remote attackers to reconfigure the Apache HTTP Server via console operations.
| [CVE-2008-5676] Multiple unspecified vulnerabilities in the ModSecurity (aka mod_security) module 2.5.0 through 2.5.5 for the Apache HTTP Server, when SecCacheTransformations is enabled, allow remote attackers to cause a denial of service (daemon crash) or bypass the product's functionality via unknown vectors related to "transformation caching."
| [CVE-2008-5519] The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that included a Content-Length header but no POST data or (2) a rapid series of requests, related to noncompliance with the AJP protocol's requirements for requests containing Content-Length headers.
| [CVE-2008-5518] Multiple directory traversal vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 on Windows allow remote attackers to upload files to arbitrary directories via directory traversal sequences in the (1) group, (2) artifact, (3) version, or (4) fileType parameter to console/portal//Services/Repository (aka the Services/Repository portlet)
| [CVE-2008-5515] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.
| [CVE-2008-5457] Unspecified vulnerability in the Oracle BEA WebLogic Server Plugins for Apache, Sun and IIS web servers component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
| [CVE-2008-4308] The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request.
| [CVE-2008-4008] Unspecified vulnerability in the WebLogic Server Plugins for Apache component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2008 CPU. Oracle has not commented on reliable researcher claims that this issue is a stack-based buffer overflow in the WebLogic Apache Connector, related to an invalid parameter.
| [CVE-2008-3666] Unspecified vulnerability in Sun Solaris 10 and OpenSolaris before snv_96 allows (1) context-dependent attackers to cause a denial of service (panic) via vectors involving creation of a crafted file and use of the sendfilev system call, as demonstrated by a file served by an Apache 2.2.x web server with EnableSendFile configured
| [CVE-2008-3271] Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a "synchronization problem" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve.
| [CVE-2008-3257] Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request.
| [CVE-2008-2939] Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.
| [CVE-2008-2938] Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.
| [CVE-2008-2742] Unrestricted file upload in the mcpuk file editor (atk/attributes/fck/editor/filemanager/browser/mcpuk/connectors/php/config.php) in Achievo 1.2.0 through 1.3.2 allows remote attackers to execute arbitrary code by uploading a file with .php followed by a safe extension, then accessing it via a direct request to the file in the Achievo root directory. NOTE: this is only a vulnerability in environments that support multiple extensions, such as Apache with the mod_mime module enabled.
| [CVE-2008-2717] TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions.
| [CVE-2008-2579] Unspecified vulnerability in the WebLogic Server Plugins for Apache, Sun and IIS web servers component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 has unknown impact and remote attack vectors.
| [CVE-2008-2384] SQL injection vulnerability in mod_auth_mysql.c in the mod-auth-mysql (aka libapache2-mod-auth-mysql) module for the Apache HTTP Server 2.x, when configured to use a multibyte character set that allows a \ (backslash) as part of the character encoding, allows remote attackers to execute arbitrary SQL commands via unspecified inputs in a login request.
| [CVE-2008-2370] Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.
| [CVE-2008-2364] The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.
| [CVE-2008-2168] Cross-site scripting (XSS) vulnerability in Apache 2.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded URLs that are not properly handled when displaying the 403 Forbidden error page.
| [CVE-2008-2025] Cross-site scripting (XSS) vulnerability in Apache Struts before 1.2.9-162.31.1 on SUSE Linux Enterprise (SLE) 11, before 1.2.9-108.2 on SUSE openSUSE 10.3, before 1.2.9-198.2 on SUSE openSUSE 11.0, and before 1.2.9-162.163.2 on SUSE openSUSE 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "insufficient quoting of parameters."
| [CVE-2008-1947] Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.
| [CVE-2008-1734] Interpretation conflict in PHP Toolkit before 1.0.1 on Gentoo Linux might allow local users to cause a denial of service (PHP outage) and read contents of PHP scripts by creating a file with a one-letter lowercase alphabetic name, which triggers interpretation of a certain unquoted [a-z] argument as a matching shell glob for this name, rather than interpretation as the literal [a-z] regular-expression string, and consequently blocks the launch of the PHP interpreter within the Apache HTTP Server.
| [CVE-2008-1678] Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm.
| [CVE-2008-1232] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.
| [CVE-2008-0869] Cross-site scripting (XSS) vulnerability in BEA WebLogic Workshop 8.1 through SP6 and Workshop for WebLogic 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via a "framework defined request parameter" when using WebLogic Workshop or Apache Beehive NetUI framework with page flows.
| [CVE-2008-0732] The init script for Apache Geronimo on SUSE Linux follows symlinks when performing a chown operation, which might allow local users to obtain access to unspecified files or directories.
| [CVE-2008-0555] The ExpandCert function in Apache-SSL before apache_1.3.41+ssl_1.59 does not properly handle (1) '/' and (2) '=' characters in a Distinguished Name (DN) in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers overwriting of environment variables.
| [CVE-2008-0457] Unrestricted file upload vulnerability in the FileUpload class running on the Symantec LiveState Apache Tomcat server, as used by Symantec Backup Exec System Recovery Manager 7.0 and 7.0.1, allows remote attackers to upload and execute arbitrary JSP files via unknown vectors.
| [CVE-2008-0456] CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by uploading a file with a multi-line name containing HTTP header sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
| [CVE-2008-0455] Cross-site scripting (XSS) vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary web script or HTML by uploading a file with a name containing XSS sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
| [CVE-2008-0128] The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
| [CVE-2008-0005] mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.
| [CVE-2008-0002] Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context of the wrong request when an exception occurs during parameter processing, which might allow remote attackers to obtain sensitive information, as demonstrated by disconnecting during this processing in order to trigger the exception.
| [CVE-2007-6750] The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtimeout module in versions before 2.2.15.
| [CVE-2007-6726] Multiple cross-site scripting (XSS) vulnerabilities in Dojo 0.4.1 and 0.4.2, as used in Apache Struts and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) xip_client.html and (2) xip_server.html in src/io/.
| [CVE-2007-6514] Apache HTTP Server, when running on Linux with a document root on a Windows share mounted using smbfs, allows remote attackers to obtain unprocessed content such as source files for .php programs via a trailing "\" (backslash), which is not handled by the intended AddType directive.
| [CVE-2007-6423] ** DISPUTED ** Unspecified vulnerability in mod_proxy_balancer for Apache HTTP Server 2.2.x before 2.2.7-dev, when running on Windows, allows remote attackers to trigger memory corruption via a long URL. NOTE: the vendor could not reproduce this issue.
| [CVE-2007-6422] The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service (child process crash) via an invalid bb variable.
| [CVE-2007-6421] Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL.
| [CVE-2007-6420] Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors.
| [CVE-2007-6388] Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2007-6361] Gekko 0.8.2 and earlier stores sensitive information under the web root with possibly insufficient access control, which might allow remote attackers to read certain files under temp/, as demonstrated by a log file that records the titles of blog entries. NOTE: access to temp/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
| [CVE-2007-6342] SQL injection vulnerability in the David Castro AuthCAS module (AuthCAS.pm) 0.4 for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the SESSION_COOKIE_NAME (session ID) in a cookie.
| [CVE-2007-6286] Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the native APR connector is used, does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of "a duplicate copy of one of the recent requests," as demonstrated by using netcat to send the empty request.
| [CVE-2007-6258] Multiple stack-based buffer overflows in the legacy mod_jk2 2.0.3-DEV and earlier Apache module allow remote attackers to execute arbitrary code via a long (1) Host header, or (2) Hostname within a Host header.
| [CVE-2007-6231] Multiple PHP remote file inclusion vulnerabilities in tellmatic 1.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the tm_includepath parameter to (1) Classes.inc.php, (2) statistic.inc.php, (3) status.inc.php, (4) status_top_x.inc.php, or (5) libchart-1.1/libchart.php in include/. NOTE: access to include/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
| [CVE-2007-6203] Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918.
| [CVE-2007-5797] SQLLoginModule in Apache Geronimo 2.0 through 2.1 does not throw an exception for a nonexistent username, which allows remote attackers to bypass authentication via a login attempt with any username not contained in the database.
| [CVE-2007-5731] Absolute path traversal vulnerability in Apache Jakarta Slide 2.1 and earlier allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag, a related issue to CVE-2007-5461.
| [CVE-2007-5461] Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.
| [CVE-2007-5342] The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler.
| [CVE-2007-5333] Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.
| [CVE-2007-5156] Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and probably other products, allows remote attackers to upload and execute arbitrary PHP code via a file whose name contains ".php." and has an unknown extension, which is recognized as a .php file by the Apache HTTP server, a different vulnerability than CVE-2006-0658 and CVE-2006-2529.
| [CVE-2007-5085] Unspecified vulnerability in the management EJB (MEJB) in Apache Geronimo before 2.0.2 allows remote attackers to bypass authentication and obtain "access to Geronimo internals" via unspecified vectors.
| [CVE-2007-5000] Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2007-4724] Cross-site request forgery (CSRF) vulnerability in cal2.jsp in the calendar examples application in Apache Tomcat 4.1.31 allows remote attackers to add events as arbitrary users via the time and description parameters.
| [CVE-2007-4723] Directory traversal vulnerability in Ragnarok Online Control Panel 4.3.4a, when the Apache HTTP Server is used, allows remote attackers to bypass authentication via directory traversal sequences in a URI that ends with the name of a publicly available page, as demonstrated by a "/...../" sequence and an account_manage.php/login.php final component for reaching the protected account_manage.php page.
| [CVE-2007-4641] Directory traversal vulnerability in index.php in Pakupaku CMS 0.4 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting code into an Apache log file.
| [CVE-2007-4556] Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service (infinite loop) or execute arbitrary code via form input beginning with a "%{" sequence and ending with a "}" character.
| [CVE-2007-4548] The login method in LoginModule implementations in Apache Geronimo 2.0 does not throw FailedLoginException for failed logins, which allows remote attackers to bypass authentication requirements, deploy arbitrary modules, and gain administrative access by sending a blank username and password with the command line deployer in the deployment module.
| [CVE-2007-4465] Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.
| [CVE-2007-3847] The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.
| [CVE-2007-3571] The Apache Web Server as used in Novell NetWare 6.5 and GroupWise allows remote attackers to obtain sensitive information via a certain directive to Apache that causes the HTTP-Header response to be modified, which may reveal the server's internal IP address.
| [CVE-2007-3386] Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action.
| [CVE-2007-3385] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.
| [CVE-2007-3384] Multiple cross-site scripting (XSS) vulnerabilities in examples/servlet/CookieExample in Apache Tomcat 3.3 through 3.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Value field, related to error messages.
| [CVE-2007-3383] Cross-site scripting (XSS) vulnerability in SendMailServlet in the examples web application (examples/jsp/mail/sendmail.jsp) in Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.36 allows remote attackers to inject arbitrary web script or HTML via the From field and possibly other fields, related to generation of error messages.
| [CVE-2007-3382] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.
| [CVE-2007-3304] Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer."
| [CVE-2007-3303] Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows local users to cause a denial of service via certain code sequences executed in a worker process that (1) stop request processing by killing all worker processes and preventing creation of replacements or (2) hang the system by forcing the master process to fork an arbitrarily large number of worker processes. NOTE: This might be an inherent design limitation of Apache with respect to worker processes in hosted environments.
| [CVE-2007-3101] Multiple cross-site scripting (XSS) vulnerabilities in certain JSF applications in Apache MyFaces Tomahawk before 1.1.6 allow remote attackers to inject arbitrary web script via the autoscroll parameter, which is injected into Javascript that is sent to the client.
| [CVE-2007-2450] Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors.
| [CVE-2007-2449] Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the '
| [CVE-2007-2353] Apache Axis 1.0 allows remote attackers to obtain sensitive information by requesting a non-existent WSDL file, which reveals the installation path in the resulting exception message.
| [CVE-2007-2025] Unrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.11p1 allows remote attackers to upload arbitrary PHP files with a double extension, as demonstrated by .php.3, which is interpreted by Apache as being a valid PHP file.
| [CVE-2007-1863] cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.
| [CVE-2007-1862] The recall_headers function in mod_mem_cache in Apache 2.2.4 does not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously used data, which could be used by remote attackers to obtain potentially sensitive information.
| [CVE-2007-1860] mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and directory traversal, a related issue to CVE-2007-0450.
| [CVE-2007-1858] The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts.
| [CVE-2007-1842] Directory traversal vulnerability in login.php in JSBoard before 2.0.12 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the table parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, a related issue to CVE-2006-2019.
| [CVE-2007-1801] Directory traversal vulnerability in inc/lang.php in sBLOG 0.7.3 Beta allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the conf_lang_default parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by inc/lang.php.
| [CVE-2007-1743] suexec in Apache HTTP Server (httpd) 2.2.3 does not verify combinations of user and group IDs on the command line, which might allow local users to leverage other vulnerabilities to create arbitrary UID/GID owned files if /proc is mounted. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root." In addition, because this is dependent on other vulnerabilities, perhaps this is resultant and should not be included in CVE.
| [CVE-2007-1742] suexec in Apache HTTP Server (httpd) 2.2.3 uses a partial comparison for verifying whether the current directory is within the document root, which might allow local users to perform unauthorized operations on incorrect directories, as demonstrated using "html_backup" and "htmleditor" under an "html" directory. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
| [CVE-2007-1741] Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 between directory and file validation, and their usage, allow local users to gain privileges and execute arbitrary code by renaming directories or performing symlink attacks. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
| [CVE-2007-1720] Directory traversal vulnerability in addressbook.php in the Addressbook 1.2 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module_name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file.
| [CVE-2007-1636] Directory traversal vulnerability in index.php in RoseOnlineCMS 3 B1 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the op parameter, as demonstrated by injecting PHP code into Apache log files via the URL and User-Agent HTTP header.
| [CVE-2007-1633] Directory traversal vulnerability in bbcode_ref.php in the Giorgio Ciranni Splatt Forum 4.0 RC1 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by bbcode_ref.php.
| [CVE-2007-1577] Directory traversal vulnerability in index.php in GeBlog 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[tplname] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
| [CVE-2007-1539] Directory traversal vulnerability in inc/map.func.php in pragmaMX Landkarten 2.1 module allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the module_name parameter, as demonstrated via a static PHP code injection attack in an Apache log file.
| [CVE-2007-1524] Directory traversal vulnerability in themes/default/ in ZomPlog 3.7.6 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) in the settings[skin] parameter, as demonstrated by injecting PHP code into an Apache HTTP Server log file, which can then be included via themes/default/.
| [CVE-2007-1491] Apache Tomcat in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allows connections from external interfaces via port 8009, which exposes it to attacks from outside parties.
| [CVE-2007-1358] Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".
| [CVE-2007-1349] PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.
| [CVE-2007-0975] Variable extraction vulnerability in Ian Bezanson Apache Stats before 0.0.3 beta allows attackers to overwrite critical variables, with unknown impact, when the extract function is used on the _REQUEST superglobal array.
| [CVE-2007-0930] Variable extract vulnerability in Apache Stats before 0.0.3beta allows attackers to modify arbitrary variables and conduct attacks via unknown vectors involving the use of PHP's extract function.
| [CVE-2007-0792] The mod_perl initialization script in Bugzilla 2.23.3 does not set the Bugzilla Apache configuration to allow .htaccess permissions to override file permissions, which allows remote attackers to obtain the database username and password via a direct request for the localconfig file.
| [CVE-2007-0774] Stack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c) in mod_jk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that triggers the overflow in a URI worker map routine.
| [CVE-2007-0637] Directory traversal vulnerability in zd_numer.php in Galeria Zdjec 3.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the galeria parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by zd_numer.php.
| [CVE-2007-0451] Apache SpamAssassin before 3.1.8 allows remote attackers to cause a denial of service via long URLs in malformed HTML, which triggers "massive memory usage."
| [CVE-2007-0450] Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.
| [CVE-2007-0419] The BEA WebLogic Server proxy plug-in before June 2006 for the Apache HTTP Server does not properly handle protocol errors, which allows remote attackers to cause a denial of service (server outage).
| [CVE-2007-0173] Directory traversal vulnerability in index.php in L2J Statistik Script 0.09 and earlier, when register_globals is enabled and magic_quotes is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
| [CVE-2007-0098] Directory traversal vulnerability in language.php in VerliAdmin 0.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
| [CVE-2007-0086] ** DISPUTED ** The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal.
| [CVE-2006-7217] Apache Derby before 10.2.1.6 does not determine schema privilege requirements during the DropSchemaNode bind phase, which allows remote authenticated users to execute arbitrary drop schema statements in SQL authorization mode.
9494| [CVE-2006-7217] Apache Derby before 10.2.1.6 does not determine schema privilege requirements during the DropSchemaNode bind phase, which allows remote authenticated users to execute arbitrary drop schema statements in SQL authorization mode.
9495| [CVE-2006-7216] Apache Derby before 10.2.1.6 does not determine privilege requirements for lock table statements at compilation time, and consequently does not enforce privilege requirements at execution time, which allows remote authenticated users to lock arbitrary tables.
9496| [CVE-2006-7197] The AJP connector in Apache Tomcat 5.5.15 uses an incorrect length for chunks, which can cause a buffer over-read in the ajp_process_callback in mod_jk, which allows remote attackers to read portions of sensitive memory.
9497| [CVE-2006-7196] Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. NOTE: this may be related to CVE-2006-0254.1.
9498| [CVE-2006-7195] Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values.
9499| [CVE-2006-7098] The Debian GNU/Linux 033_-F_NO_SETSID patch for the Apache HTTP Server 1.3.34-4 does not properly disassociate httpd from a controlling tty when httpd is started interactively, which allows local users to gain privileges to that tty via a CGI program that calls the TIOCSTI ioctl.
9500| [CVE-2006-6869] Directory traversal vulnerability in includes/search/search_mdforum.php in MAXdev MDForum 2.0.1 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang cookie to error.php, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
9501| [CVE-2006-6675] Cross-site scripting (XSS) vulnerability in Novell NetWare 6.5 Support Pack 5 and 6 and Novell Apache on NetWare 2.0.48 allows remote attackers to inject arbitrary web script or HTML via unspecifeid parameters in Welcome web-app.
9502| [CVE-2006-6613] Directory traversal vulnerability in language.php in phpAlbum 0.4.1 Beta 6 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files or obtain sensitive information via a .. (dot dot) in the pa_lang[include_file] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
9503| [CVE-2006-6589] Cross-site scripting (XSS) vulnerability in ecommerce/control/keywordsearch in the Apache Open For Business Project (OFBiz) and Opentaps 0.9.3 allows remote attackers to inject arbitrary web script or HTML via the SEARCH_STRING parameter, a different issue than CVE-2006-6587. NOTE: some of these details are obtained from third party information.
9504| [CVE-2006-6588] The forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) trusts the (1) dataResourceTypeId, (2) contentTypeId, and certain other hidden form fields, which allows remote attackers to create unauthorized types of content, modify content, or have other unknown impact.
9505| [CVE-2006-6587] Cross-site scripting (XSS) vulnerability in the forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) allows remote attackers to inject arbitrary web script or HTML by posting a message.
9506| [CVE-2006-6445] Directory traversal vulnerability in error.php in Envolution 1.1.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
9507| [CVE-2006-6071] TWiki 4.0.5 and earlier, when running under Apache 1.3 using ApacheLogin with sessions and "ErrorDocument 401" redirects to a valid wiki topic, does not properly handle failed login attempts, which allows remote attackers to read arbitrary content by cancelling out of a failed authentication with a valid username and invalid password.
9508| [CVE-2006-6047] Directory traversal vulnerability in manager/index.php in Etomite 0.6.1.2 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the f parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
9509| [CVE-2006-5894] Directory traversal vulnerability in lang.php in Rama CMS 0.68 and earlier, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by lang.php.
9510| [CVE-2006-5752] Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified.
9511| [CVE-2006-5733] Directory traversal vulnerability in error.php in PostNuke 0.763 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
9512| [CVE-2006-5263] Directory traversal vulnerability in templates/header.php3 in phpMyAgenda 3.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter, as demonstrated by a parameter value naming an Apache HTTP Server log file that apparently contains PHP code.
9513| [CVE-2006-4994] Multiple unquoted Windows search path vulnerabilities in Apache Friends XAMPP 1.5.2 might allow local users to gain privileges via a malicious program file in %SYSTEMDRIVE%, which is run when XAMPP attempts to execute (1) FileZillaServer.exe, (2) mysqld-nt.exe, (3) Perl.exe, or (4) xamppcontrol.exe with an unquoted "Program Files" pathname.
9514| [CVE-2006-4636] Directory traversal vulnerability in SZEWO PhpCommander 3.0 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Directory parameter, as demonstrated by parameter values naming Apache HTTP Server log files that apparently contain PHP code.
9515| [CVE-2006-4625] PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini (Master Value) defaults.
9516| [CVE-2006-4558] DeluxeBB 1.06 and earlier, when run on the Apache HTTP Server with the mod_mime module, allows remote attackers to execute arbitrary PHP code by uploading files with double extensions via the fileupload parameter in a newthread action in newpost.php.
9517| [CVE-2006-4191] Directory traversal vulnerability in memcp.php in XMB (Extreme Message Board) 1.9.6 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the langfilenew parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by header.php.
9518| [CVE-2006-4154] Format string vulnerability in the mod_tcl module 1.0 for Apache 2.x allows context-dependent attackers to execute arbitrary code via format string specifiers that are not properly handled in a set_var function call in (1) tcl_cmds.c and (2) tcl_core.c.
9519| [CVE-2006-4110] Apache 2.2.2, when running on Windows, allows remote attackers to read source code of CGI programs via a request that contains uppercase (or alternate case) characters that bypass the case-sensitive ScriptAlias directive, but allow access to the file on case-insensitive file systems.
9520| [CVE-2006-4004] Directory traversal vulnerability in index.php in vbPortal 3.0.2 through 3.6.0 Beta 1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the bbvbplang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
9521| [CVE-2006-3918] http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.
9522| [CVE-2006-3835] Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (
9523| [CVE-2006-3747] Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules.
9524| [CVE-2006-3362] Unrestricted file upload vulnerability in connectors/php/connector.php in FCKeditor mcpuk file manager, as used in (1) Geeklog 1.4.0 through 1.4.0sr3, (2) toendaCMS 1.0.0 Shizouka Stable and earlier, (3) WeBid 0.5.4, and possibly other products, when installed on Apache with mod_mime, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension and a trailing extension that is allowed, such as .zip.
9525| [CVE-2006-3102] Race condition in articles/BitArticle.php in Bitweaver 1.3, when run on Apache with the mod_mime extension, allows remote attackers to execute arbitrary PHP code by uploading arbitrary files with double extensions, which are stored for a small period of time under the webroot in the temp/articles directory.
9526| [CVE-2006-3070] write_ok.php in Zeroboard 4.1 pl8, when installed on Apache with mod_mime, allows remote attackers to bypass restrictions for uploading files with executable extensions by uploading a .htaccess file that with an AddType directive that assigns an executable module to files with assumed-safe extensions, as demonstrated by assigning the txt extension to be handled by application/x-httpd-php.
9527| [CVE-2006-2831] Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under certain Apache configurations such as when FileInfo overrides are disabled within .htaccess, allows remote attackers to execute arbitrary code by uploading a file with multiple extensions, a variant of CVE-2006-2743.
9528| [CVE-2006-2806] The SMTP server in Apache Java Mail Enterprise Server (aka Apache James) 2.2.0 allows remote attackers to cause a denial of service (CPU consumption) via a long argument to the MAIL command.
9529| [CVE-2006-2743] Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with mod_mime, does not properly handle files with multiple extensions, which allows remote attackers to upload, modify, or execute arbitrary files in the files directory.
9530| [CVE-2006-2514] Coppermine galleries before 1.4.6, when running on Apache with mod_mime installed, allows remote attackers to upload arbitrary files via a filename with multiple file extensions.
9531| [CVE-2006-2330] PHP-Fusion 6.00.306 and earlier, running under Apache HTTP Server 1.3.27 and PHP 4.3.3, allows remote authenticated users to upload files of arbitrary types using a filename that contains two or more extensions that ends in an assumed-valid extension such as .gif, which bypasses the validation, as demonstrated by uploading then executing an avatar file that ends in ".php.gif" and contains PHP code in EXIF metadata.
9532| [CVE-2006-1777] Directory traversal vulnerability in doc/index.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the s parameter, as demonstrated by injecting PHP sequences into an Apache error_log file, which is then included by doc/index.php.
9533| [CVE-2006-1564] Untrusted search path vulnerability in libapache2-svn 1.3.0-4 for Subversion in Debian GNU/Linux includes RPATH values under the /tmp/svn directory for the (1) mod_authz_svn.so and (2) mod_dav_svn.so modules, which might allow local users to gain privileges by installing malicious libraries in that directory.
9534| [CVE-2006-1548] Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is not filtered in the resulting error message.
9535| [CVE-2006-1547] ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to elements in the CommonsMultipartRequestHandler implementation and BeanUtils.
9536| [CVE-2006-1546] Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to bypass validation via a request with a 'org.apache.struts.taglib.html.Constants.CANCEL' parameter, which causes the action to be canceled but would not be detected from applications that do not use the isCancelled check.
9537| [CVE-2006-1393] Multiple cross-site scripting (XSS) vulnerabilities in the mod_pubcookie Apache application server module in University of Washington Pubcookie 1.x, 3.0.0, 3.1.0, 3.1.1, 3.2 before 3.2.1b, and 3.3 before 3.3.0a allow remote attackers to inject arbitrary web script or HTML via unspecified attack vectors.
9538| [CVE-2006-1346] Directory traversal vulnerability in inc/setLang.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in a lang[*][file] parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by index.php.
9539| [CVE-2006-1292] Directory traversal vulnerability in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the phpicalendar[cookie_language] and phpicalendar[cookie_style] cookies, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by day.php.
9540| [CVE-2006-1243] Directory traversal vulnerability in install05.php in Simple PHP Blog (SPB) 0.4.7.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the blog_language parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included using install05.php.
9541| [CVE-2006-1095] Directory traversal vulnerability in the FileSession object in Mod_python module 3.2.7 for Apache allows local users to execute arbitrary code via a crafted session cookie.
9542| [CVE-2006-1079] htpasswd, as used in Acme thttpd 2.25b and possibly other products such as Apache, might allow local users to gain privileges via shell metacharacters in a command line argument, which is used in a call to the system function. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
9543| [CVE-2006-1078] Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, and possibly other products such as Apache, might allow local users to gain privileges via (1) a long command line argument and (2) a long line in a file. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
9544| [CVE-2006-0743] Format string vulnerability in LocalSyslogAppender in Apache log4net 1.2.9 might allow remote attackers to cause a denial of service (memory corruption and termination) via unknown vectors.
9545| [CVE-2006-0254] Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer.
9546| [CVE-2006-0150] Multiple format string vulnerabilities in the auth_ldap_log_reason function in Apache auth_ldap 1.6.0 and earlier allows remote attackers to execute arbitrary code via various vectors, including the username.
9547| [CVE-2006-0144] The proxy server feature in go-pear.php in PHP PEAR 0.2.2, as used in Apache2Triad, allows remote attackers to execute arbitrary PHP code by redirecting go-pear.php to a malicious proxy server that provides a modified version of Tar.php with a malicious extractModify function.
9548| [CVE-2006-0042] Unspecified vulnerability in (1) apreq_parse_headers and (2) apreq_parse_urlencoded functions in Apache2::Request (Libapreq2) before 2.07 allows remote attackers cause a denial of service (CPU consumption) via unknown attack vectors that result in quadratic computational complexity.
9549| [CVE-2005-4857] eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051128 allows remote authenticated users to cause a denial of service (Apache httpd segmentation fault) via a request to content/advancedsearch.php with an empty SearchContentClassID parameter, reportedly related to a "memory addressing error".
9550| [CVE-2005-4849] Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC command and (b) the output of the DatabaseMetaData.getURL function, which allows context-dependent attackers to obtain sensitive information.
9551| [CVE-2005-4836] The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information.
9552| [CVE-2005-4814] Unrestricted file upload vulnerability in Segue CMS before 1.3.6, when the Apache HTTP Server handles .phtml files with the PHP interpreter, allows remote attackers to upload and execute arbitrary PHP code by placing .phtml files in the userfiles/ directory.
9553| [CVE-2005-4703] Apache Tomcat 4.0.3, when running on Windows, allows remote attackers to obtain sensitive information via a request for a file that contains an MS-DOS device name such as lpt9, which leaks the pathname in an error message, as demonstrated by lpt9.xtp using Nikto.
9554| [CVE-2005-3745] Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message.
9555| [CVE-2005-3630] Fedora Directory Server before 10 allows remote attackers to obtain sensitive information, such as the password from adm.conf via an IFRAME element, probably involving an Apache httpd.conf configuration that orders "allow" directives before "deny" directives.
9556| [CVE-2005-3510] Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files.
9557| [CVE-2005-3392] Unspecified vulnerability in PHP before 4.4.1, when using the virtual function on Apache 2, allows remote attackers to bypass safe_mode and open_basedir directives.
9558| [CVE-2005-3357] mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference.
9559| [CVE-2005-3352] Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps.
9560| [CVE-2005-3319] The apache2handler SAPI (sapi_apache2.c) in the Apache module (mod_php) for PHP 5.x before 5.1.0 final and 4.4 before 4.4.1 final allows attackers to cause a denial of service (segmentation fault) via the session.save_path option in a .htaccess file or VirtualHost.
9561| [CVE-2005-3164] The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when "unsuitable request body data" is used for a different request, possibly related to Java Servlet pages.
9562| [CVE-2005-2970] Memory leak in the worker MPM (worker.c) for Apache 2, in certain circumstances, allows remote attackers to cause a denial of service (memory consumption) via aborted connections, which prevents the memory for the transaction pool from being reused for other connections.
9563| [CVE-2005-2963] The mod_auth_shadow module 1.0 through 1.5 and 2.0 for Apache with AuthShadow enabled uses shadow authentication for all locations that use the require group directive, even when other authentication mechanisms are specified, which might allow remote authenticated users to bypass security restrictions.
9564| [CVE-2005-2728] The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field.
9565| [CVE-2005-2660] apachetop 0.12.5 and earlier, when running in debug mode, allows local users to create or append to arbitrary files via a symlink attack on atop.debug.
9566| [CVE-2005-2088] The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
9567| [CVE-2005-1754] ** DISPUTED ** JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to read arbitrary files via a full pathname in the argument to the Download parameter. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
9568| [CVE-2005-1753] ** DISPUTED ** ReadMessage.jsp in JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to view other users' e-mail attachments via a direct request to /mailboxesdir/username@domainname. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
9569| [CVE-2005-1344] Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
9570| [CVE-2005-1268] Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte.
9571| [CVE-2005-1266] Apache SpamAssassin 3.0.1, 3.0.2, and 3.0.3 allows remote attackers to cause a denial of service (CPU consumption and slowdown) via a message with a long Content-Type header without any boundaries.
9572| [CVE-2005-0808] Apache Tomcat before 5.x allows remote attackers to cause a denial of service (application crash) via a crafted AJP12 packet to TCP port 8007.
9573| [CVE-2005-0182] The mod_dosevasive module 1.9 and earlier for Apache creates temporary files with predictable filenames, which could allow remote attackers to overwrite arbitrary files via a symlink attack.
9574| [CVE-2005-0108] Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote malicious RADIUS servers to cause a denial of service (crash) via a RADIUS_REPLY_MESSAGE with a RADIUS attribute length of 1, which leads to a memcpy operation with a -1 length argument.
9575| [CVE-2004-2734] webadmin-apache.conf in Novell Web Manager of Novell NetWare 6.5 uses an uppercase Alias tag with an inconsistent lowercase directory tag for a volume, which allows remote attackers to bypass access control to the WEB-INF folder.
9576| [CVE-2004-2680] mod_python (libapache2-mod-python) 3.1.4 and earlier does not properly handle when output filters process more than 16384 bytes, which can cause filter.read to return portions of previously freed memory.
9577| [CVE-2004-2650] Spooler in Apache Foundation James 2.2.0 allows local users to cause a denial of service (memory consumption) by triggering various error conditions in the retrieve function, which prevents a lock from being released and causes a memory leak.
9578| [CVE-2004-2343] ** DISPUTED ** Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess file restrictions, as specified in httpd.conf with directives such as Deny From All, by using an ErrorDocument directive. NOTE: the vendor has disputed this issue, since the .htaccess mechanism is only intended to restrict external web access, and a local user already has the privileges to perform the same operations without using ErrorDocument.
9579| [CVE-2004-2336] Unknown vulnerability in Novell GroupWise and GroupWise WebAccess 6.0 through 6.5, when running with Apache Web Server 1.3 for NetWare where Apache is loaded using GWAPACHE.CONF, allows remote attackers to read directories and files on the server.
9580| [CVE-2004-2115] Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTTP Server 1.3.22, based on Apache, allow remote attackers to execute arbitrary script as other users via the (1) action, (2) username, or (3) password parameters in an isqlplus request.
9581| [CVE-2004-1834] mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, including authentication information, on the hard disk, which could allow local users to gain sensitive information.
| [CVE-2004-1765] Off-by-one buffer overflow in ModSecurity (mod_security) 1.7.4 for Apache 2.x, when SecFilterScanPost is enabled, allows remote attackers to execute arbitrary code via crafted POST requests.
| [CVE-2004-1545] UploadFile.php in MoniWiki 1.0.9.2 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.hwp, which allows remote attackers to upload and execute arbitrary code.
| [CVE-2004-1438] The mod_authz_svn Apache module for Subversion 1.0.4-r1 and earlier allows remote authenticated users, with write access to the repository, to read unauthorized parts of the repository via the svn copy command.
| [CVE-2004-1405] MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
| [CVE-2004-1404] Attachment Mod 2.3.10 module for phpBB, when used with Apache mod_mime, does not properly handle files with multiple file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
| [CVE-2004-1387] The check_forensic script in apache-utils package 1.3.31 allows local users to overwrite or create arbitrary files via a symlink attack on temporary files.
| [CVE-2004-1084] Apache for Apple Mac OS X 10.2.8 and 10.3.6 allows remote attackers to read files and resource fork content via HTTP requests to certain special file names related to multiple data streams in HFS+, which bypass Apache file handles.
| [CVE-2004-1083] Apache for Apple Mac OS X 10.2.8 and 10.3.6 restricts access to files in a case sensitive manner, but the Apple HFS+ filesystem accesses files in a case insensitive manner, which allows remote attackers to read .DS_Store files and files beginning with ".ht" using alternate capitalization.
| [CVE-2004-1082] mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.
| [CVE-2004-0942] Apache webserver 2.0.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request with a MIME header containing multiple lines with a large number of space characters.
| [CVE-2004-0940] Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error.
| [CVE-2004-0885] The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration.
| [CVE-2004-0811] Unknown vulnerability in Apache 2.0.51 prevents "the merging of the Satisfy directive," which could allow attackers to obtain access to restricted resources contrary to the specified authentication configuration.
| [CVE-2004-0809] The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.
| [CVE-2004-0786] The IPv6 URI parsing routines in the apr-util library for Apache 2.0.50 and earlier allow remote attackers to cause a denial of service (child process crash) via a certain URI, as demonstrated using the Codenomicon HTTP Test Tool.
| [CVE-2004-0751] The char_buffer_read function in the mod_ssl module for Apache 2.x, when using reverse proxying to an SSL server, allows remote attackers to cause a denial of service (segmentation fault).
| [CVE-2004-0748] mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (CPU consumption) by aborting an SSL connection in a way that causes an Apache child process to enter an infinite loop.
| [CVE-2004-0747] Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the overflow during expansion of environment variables.
| [CVE-2004-0700] Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by the ssl_log function.
| [CVE-2004-0646] Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 web server connectors, such as (1) mod_jrun and (2) mod_jrun20 for Apache, with verbose logging enabled, allows remote attackers to execute arbitrary code via a long HTTP header Content-Type field or other fields.
| [CVE-2004-0529] The modified suexec program in cPanel, when configured for mod_php and compiled for Apache 1.3.31 and earlier without mod_phpsuexec, allows local users to execute untrusted shared scripts and gain privileges, as demonstrated using untainted scripts such as (1) proftpdvhosts or (2) addalink.cgi, a different vulnerability than CVE-2004-0490.
| [CVE-2004-0493] The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters.
| [CVE-2004-0492] Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied.
| [CVE-2004-0490] cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec option, does not set the --enable-discard-path option, which causes php to use the SCRIPT_FILENAME variable to find and execute a script instead of the PATH_TRANSLATED variable, which allows local users to execute arbitrary PHP code as other users via a URL that references the attacker's script after the user's script, which executes the attacker's script with the user's privileges, a different vulnerability than CVE-2004-0529.
| [CVE-2004-0488] Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN.
| [CVE-2004-0263] PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global variables between virtual hosts that are handled by the same Apache child process but have different settings, which could allow remote attackers to obtain sensitive information.
| [CVE-2004-0174] Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to cause a denial of service (blocked new connections) via a "short-lived connection on a rarely-accessed listening socket."
| [CVE-2004-0173] Directory traversal vulnerability in Apache 1.3.29 and earlier, and Apache 2.0.48 and earlier, when running on Cygwin, allows remote attackers to read arbitrary files via a URL containing "..%5C" (dot dot encoded backslash) sequences.
| [CVE-2004-0113] Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server.
| [CVE-2004-0009] Apache-SSL 1.3.28+1.52 and earlier, with SSLVerifyClient set to 1 or 3 and SSLFakeBasicAuth enabled, allows remote attackers to forge a client certificate by using basic authentication with the "one-line DN" of the target user.
| [CVE-2003-1581] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
| [CVE-2003-1580] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
| [CVE-2003-1573] The PointBase 4.6 database component in the J2EE 1.4 reference implementation (J2EE/RI) allows remote attackers to execute arbitrary programs, conduct a denial of service, and obtain sensitive information via a crafted SQL statement, related to "inadequate security settings and library bugs in sun.* and org.apache.* packages."
| [CVE-2003-1521] Sun Java Plug-In 1.4 through 1.4.2_02 allows remote attackers to repeatedly access the floppy drive via the createXmlDocument method in the org.apache.crimson.tree.XmlDocument class, which violates the Java security model.
| [CVE-2003-1516] The org.apache.xalan.processor.XSLProcessorVersion class in Java Plug-in 1.4.2_01 allows signed and unsigned applets to share variables, which violates the Java security model and could allow remote attackers to read or write data belonging to a signed applet.
| [CVE-2003-1502] mod_throttle 3.0 allows local users with Apache privileges to access shared memory that points to a file that is writable by the apache user, which could allow local users to gain privileges.
| [CVE-2003-1418] Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via (1) the ETag header, which reveals the inode number, or (2) multipart MIME boundary, which reveals child proccess IDs (PID).
| [CVE-2003-1307] ** DISPUTED ** The mod_php module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then intercepting incoming connections on the server's TCP port. NOTE: the PHP developer has disputed this vulnerability, saying "The opened file descriptors are opened by Apache. It is the job of Apache to protect them ... Not a bug in PHP."
| [CVE-2003-1172] Directory traversal vulnerability in the view-source sample file in Apache Software Foundation Cocoon 2.1 and 2.2 allows remote attackers to access arbitrary files via a .. (dot dot) in the filename parameter.
| [CVE-2003-1171] Heap-based buffer overflow in the sec_filter_out function in mod_security 1.7RC1 through 1.7.1 in Apache 2 allows remote attackers to execute arbitrary code via a server side script that sends a large amount of data.
| [CVE-2003-1138] The default configuration of Apache 2.0.40, as shipped with Red Hat Linux 9.0, allows remote attackers to list directory contents, even if auto indexing is turned off and there is a default web page configured, via a GET request containing a double slash (//).
| [CVE-2003-1054] mod_access_referer 1.0.2 allows remote attackers to cause a denial of service (crash) via a malformed Referer header that is missing a hostname, as parsed by the ap_parse_uri_components function in Apache, which triggers a null dereference.
| [CVE-2003-0993] mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit platforms, does not properly parse Allow/Deny rules using IP addresses without a netmask, which could allow remote attackers to bypass intended access restrictions.
| [CVE-2003-0987] mod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using a AuthNonce secret.
| [CVE-2003-0866] The Catalina org.apache.catalina.connector.http package in Tomcat 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service via several requests that do not follow the HTTP protocol, which causes Tomcat to reject later requests.
| [CVE-2003-0844] mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode without the Apache log, allows local users to overwrite arbitrary files via (1) a symlink attack on predictable temporary filenames on Unix systems, or (2) an NTFS hard link on Windows systems when the "Strengthen default permissions of internal system objects" policy is not enabled.
| [CVE-2003-0843] Format string vulnerability in mod_gzip_printf for mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode and using the Apache log, allows remote attackers to execute arbitrary code via format string characters in an HTTP GET request with an "Accept-Encoding: gzip" header.
| [CVE-2003-0789] mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not properly handle CGI redirect paths, which could cause Apache to send the output of a CGI program to the wrong client.
| [CVE-2003-0771] Gallery.pm in Apache::Gallery (aka A::G) uses predictable temporary filenames when running Inline::C, which allows local users to execute arbitrary code by creating and modifying the files before Apache::Gallery does.
| [CVE-2003-0658] Docview before 1.1-18 in Caldera OpenLinux 3.1.1, SCO Linux 4.0, OpenServer 5.0.7, configures the Apache web server in a way that allows remote attackers to read arbitrary publicly readable files via a certain URL, possibly related to rewrite rules.
| [CVE-2003-0542] Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures.
| [CVE-2003-0460] The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 systems, does not properly ignore certain control characters that are received over the pipe, which could allow remote attackers to cause a denial of service.
| [CVE-2003-0254] Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers to cause a denial of service (CPU consumption by infinite loop) when the FTP proxy server fails to create an IPv6 socket.
| [CVE-2003-0253] The prefork MPM in Apache 2 before 2.0.47 does not properly handle certain errors from accept, which could lead to a denial of service.
| [CVE-2003-0249] ** DISPUTED ** PHP treats unknown methods such as "PoSt" as a GET request, which could allow attackers to intended access restrictions if PHP is running on a server that passes on all methods, such as Apache httpd 2.0, as demonstrated using a Limit directive. NOTE: this issue has been disputed by the Apache security team, saying "It is by design that PHP allows scripts to process any request method. A script which does not explicitly verify the request method will hence be processed as normal for arbitrary methods. It is therefore expected behaviour that one cannot implement per-method access control using the Apache configuration alone, which is the assumption made in this report."
| [CVE-2003-0245] Vulnerability in the apr_psprintf function in the Apache Portable Runtime (APR) library for Apache 2.0.37 through 2.0.45 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long strings, as demonstrated using XML objects to mod_dav, and possibly other vectors.
| [CVE-2003-0192] Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one," which could cause Apache to use the weak ciphersuite.
| [CVE-2003-0189] The authentication module for Apache 2.0.40 through 2.0.45 on Unix does not properly handle threads safely when using the crypt_r or crypt functions, which allows remote attackers to cause a denial of service (failed Basic authentication with valid usernames and passwords) when a threaded MPM is used.
| [CVE-2003-0134] Unknown vulnerability in filestat.c for Apache running on OS2, versions 2.0 through 2.0.45, allows unknown attackers to cause a denial of service via requests related to device names.
| [CVE-2003-0132] A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to cause a denial of service (memory consumption) via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed.
| [CVE-2003-0083] Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerability than CVE-2003-0020.
| [CVE-2003-0020] Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.
| [CVE-2003-0017] Apache 2.0 before 2.0.44 on Windows platforms allows remote attackers to obtain certain files via an HTTP request that ends in certain illegal characters such as ">", which causes a different filename to be processed and served.
| [CVE-2003-0016] Apache before 2.0.44, when running on unpatched Windows 9x and Me operating systems, allows remote attackers to cause a denial of service or execute arbitrary code via an HTTP request containing MS-DOS device names.
| [CVE-2002-2310] ClickCartPro 4.0 stores the admin_user.db data file under the web document root with insufficient access control on servers other than Apache, which allows remote attackers to obtain usernames and passwords.
| [CVE-2002-2309] php.exe in PHP 3.0 through 4.2.2, when running on Apache, does not terminate properly, which allows remote attackers to cause a denial of service via a direct request without arguments.
| [CVE-2002-2272] Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 through 1.3.27, allows remote attackers to cause a denial of service (desynchronized communications) via an HTTP GET request with a Transfer-Encoding chunked field with invalid values.
| [CVE-2002-2103] Apache before 1.3.24, when writing to the log file, records a spoofed hostname from the reverse lookup of an IP address, even when a double-reverse lookup fails, which allows remote attackers to hide the original source of activities.
| [CVE-2002-2029] PHP, when installed on Windows with Apache and ScriptAlias for /php/ set to c:/php/, allows remote attackers to read arbitrary files and possibly execute arbitrary programs via an HTTP request for php.exe with a filename in the query string.
| [CVE-2002-2012] Unknown vulnerability in Apache 1.3.19 running on HP Secure OS for Linux 1.0 allows remote attackers to cause "unexpected results" via an HTTP request.
| [CVE-2002-2009] Apache Tomcat 4.0.1 allows remote attackers to obtain the web root path via HTTP requests for JSP files preceded by (1) +/, (2) >/, (3) </, and (4) %20/, which leaks the pathname in an error message.
| [CVE-2002-2008] Apache Tomcat 4.0.3 for Windows allows remote attackers to obtain the web root path via an HTTP request for a resource that does not exist, such as lpt9, which leaks the information in an error message.
| [CVE-2002-2007] The default installations of Apache Tomcat 3.2.3 and 3.2.4 allows remote attackers to obtain sensitive system information such as directory listings and web root path, via erroneous HTTP requests for Java Server Pages (JSP) in the (1) test/jsp, (2) samples/jsp and (3) examples/jsp directories, or the (4) test/realPath.jsp servlet, which leaks pathnames in error messages.
| [CVE-2002-2006] The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets.
| [CVE-2002-1895] The servlet engine in Jakarta Apache Tomcat 3.3 and 4.0.4, when using IIS and the ajp1.3 connector, allows remote attackers to cause a denial of service (crash) via a large number of HTTP GET requests for an MS-DOS device such as AUX, LPT1, CON, or PRN.
| [CVE-2002-1850] mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attackers to cause a denial of service (hang and memory consumption) by causing a CGI script to send a large amount of data to stderr, which results in a read/write deadlock between httpd and the CGI script.
| [CVE-2002-1793] HTTP Server mod_ssl module running on HP-UX 11.04 with Virtualvault OS (VVOS) 4.5 through 4.6 closes the connection when the Apache server times out during an SSL request, which may allow attackers to cause a denial of service.
| [CVE-2002-1658] Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow attackers to execute arbitrary code via a long user argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
| [CVE-2002-1635] The Apache configuration file (httpd.conf) in Oracle 9i Application Server (9iAS) uses a Location alias for /perl directory instead of a ScriptAlias, which allows remote attackers to read the source code of arbitrary CGI files via a URL containing the /perl directory instead of /cgi-bin.
| [CVE-2002-1593] mod_dav in Apache before 2.0.42 does not properly handle versioning hooks, which may allow remote attackers to kill a child process via a null dereference and cause a denial of service (CPU consumption) in a preforked multi-processing module.
| [CVE-2002-1592] The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI application encounters an error, sends error messages to the client that include the full path for the server, which allows remote attackers to obtain sensitive information.
| [CVE-2002-1567] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows remote attackers to execute arbitrary web script and steal cookies via a URL with encoded newlines followed by a request to a .jsp file whose name contains the script.
| [CVE-2002-1394] Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148.
| [CVE-2002-1233] A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on temporary files when the administrator runs (1) htpasswd or (2) htdigest, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2001-0131.
| [CVE-2002-1157] Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a self-referencing URL, a different vulnerability than CAN-2002-0840.
| [CVE-2002-1156] Apache 2.0.42 allows remote attackers to view the source code of a CGI script via a POST request to a directory with both WebDAV and CGI enabled.
| [CVE-2002-1148] The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet.
| [CVE-2002-0935] Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta, allows remote attackers to cause a denial of service (resource exhaustion) via a large number of requests to the server with null characters, which causes the working threads to hang.
| [CVE-2002-0843] Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response.
| [CVE-2002-0840] Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.
| [CVE-2002-0839] The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allowed, by modifying the parent[].pid and parent[].last_rtime segments in the scoreboard.
| [CVE-2002-0682] Cross-site scripting vulnerability in Apache Tomcat 4.0.3 allows remote attackers to execute script as other web users via script in a URL with the /servlet/ mapping, which does not filter the script when an exception is thrown by the servlet.
| [CVE-2002-0661] Directory traversal vulnerability in Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to read arbitrary files and execute commands via .. (dot dot) sequences containing \ (backslash) characters.
| [CVE-2002-0658] OSSP mm library (libmm) before 1.2.0 allows the local Apache user to gain privileges via temporary files, possibly via a symbolic link attack.
| [CVE-2002-0654] Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to determine the full pathname of the server via (1) a request for a .var file, which leaks the pathname in the resulting error message, or (2) via an error message that occurs when a script (child process) cannot be invoked.
| [CVE-2002-0653] Off-by-one buffer overflow in the ssl_compat_directive function, as called by the rewrite_command hook for mod_ssl Apache module 2.8.9 and earlier, allows local users to execute arbitrary code as the Apache server user via .htaccess files with long entries.
| [CVE-2002-0513] The PHP administration script in popper_mod 1.2.1 and earlier relies on Apache .htaccess authentication, which allows remote attackers to gain privileges if the script is not appropriately configured by the administrator.
| [CVE-2002-0493] Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions.
| [CVE-2002-0392] Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size.
| [CVE-2002-0259] InstantServers MiniPortal 1.1.5 and earlier stores sensitive login and account data in plaintext in (1) .pwd files in the miniportal/apache directory, or (2) mplog.txt, which could allow local users to gain privileges.
| [CVE-2002-0249] PHP for Windows, when installed on Apache 2.0.28 beta as a standalone CGI module, allows remote attackers to obtain the physical path of the php.exe via a request with malformed arguments such as /123, which leaks the pathname in the error message.
| [CVE-2002-0240] PHP, when installed with Apache and configured to search for index.php as a default web page, allows remote attackers to obtain the full pathname of the server via the HTTP OPTIONS method, which reveals the pathname in the resulting error message.
| [CVE-2002-0082] The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session.
| [CVE-2002-0061] Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows remote attackers to execute arbitrary commands via shell metacharacters (a | pipe character) provided as arguments to batch (.bat) or .cmd scripts, which are sent unfiltered to the shell interpreter, typically cmd.exe.
| [CVE-2001-1556] The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep.
| [CVE-2001-1534] mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication.
| [CVE-2001-1510] Allaire JRun 2.3.3, 3.0 and 3.1 running on IIS 4.0 and 5.0, iPlanet, Apache, JRun web server (JWS), and possibly other web servers allows remote attackers to read arbitrary files and directories by appending (1) "%3f.jsp", (2) "?.jsp" or (3) "?" to the requested URL.
| [CVE-2001-1449] The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories.
| [CVE-2001-1385] The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts.
| [CVE-2001-1342] Apache before 1.3.20 on Windows and OS/2 systems allows remote attackers to cause a denial of service (GPF) via an HTTP request for a URI that contains a large number of / (slash) or other characters, which causes certain functions to dereference a null pointer.
| [CVE-2001-1217] Directory traversal vulnerability in PL/SQL Apache module in Oracle Oracle 9i Application Server allows remote attackers to access sensitive information via a double encoded URL with .. (dot dot) sequences.
| [CVE-2001-1216] Buffer overflow in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to execute arbitrary code via a long request for a help page.
| [CVE-2001-1072] Apache with mod_rewrite enabled on most UNIX systems allows remote attackers to bypass RewriteRules by inserting extra / (slash) characters into the requested path, which causes the regular expression in the RewriteRule to fail.
| [CVE-2001-1013] Apache on Red Hat Linux with with the UserDir directive enabled generates different error codes when a username exists and there is no public_html directory and when the username does not exist, which could allow remote attackers to determine valid usernames on the server.
| [CVE-2001-0925] The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters, which causes the path to be mishandled by (1) mod_negotiation, (2) mod_dir, or (3) mod_autoindex.
| [CVE-2001-0829] A cross-site scripting vulnerability in Apache Tomcat 3.2.1 allows a malicious webmaster to embed Javascript in a request for a .JSP file, which causes the Javascript to be inserted into an error message.
| [CVE-2001-0766] Apache on MacOS X Client 10.0.3 with the HFS+ file system allows remote attackers to bypass access restrictions via a URL that contains some characters whose case is not matched by Apache's filters.
| [CVE-2001-0731] Apache 1.3.20 with Multiviews enabled allows remote attackers to view directory contents and bypass the index page via a URL containing the "M=D" query string.
| [CVE-2001-0730] split-logfile in Apache 1.3.20 allows remote attackers to overwrite arbitrary files that end in the .log extension via an HTTP request with a / (slash) in the Host: header.
| [CVE-2001-0729] Apache 1.3.20 on Windows servers allows remote attackers to bypass the default index page and list directory contents via a URL with a large number of / (slash) characters.
| [CVE-2001-0590] Apache Software Foundation Tomcat Servlet prior to 3.2.2 allows a remote attacker to read the source code to arbitrary 'jsp' files via a malformed URL request which does not end with an HTTP protocol specification (i.e. HTTP/1.0).
| [CVE-2001-0131] htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack.
| [CVE-2001-0108] PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested.
| [CVE-2001-0042] PHP 3.x (PHP3) on Apache 1.3.6 allows remote attackers to read arbitrary files via a modified .. (dot dot) attack containing "%5c" (encoded backslash) sequences.
| [CVE-2000-1247] The default configuration of the jserv-status handler in jserv.conf in Apache JServ 1.1.2 includes an "allow from 127.0.0.1" line, which allows local users to discover JDBC passwords or other sensitive information via a direct request to the jserv/ URI.
| [CVE-2000-1210] Directory traversal vulnerability in source.jsp of Apache Tomcat before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the argument to source.jsp.
| [CVE-2000-1206] Vulnerability in Apache httpd before 1.3.11, when configured for mass virtual hosting using mod_rewrite, or mod_vhost_alias in Apache 1.3.9, allows remote attackers to retrieve arbitrary files.
| [CVE-2000-1205] Cross site scripting vulnerabilities in Apache 1.3.0 through 1.3.11 allow remote attackers to execute script as other web site visitors via (1) the printenv CGI (printenv.pl), which does not encode its output, (2) pages generated by the ap_send_error_response function such as a default 404, which does not add an explicit charset, or (3) various messages that are generated by certain Apache modules or core code. NOTE: the printenv issue might still exist for web browsers that can render text/plain content types as HTML, such as Internet Explorer, but CVE regards this as a design limitation of those browsers, not Apache. The printenv.pl/acuparam vector, discloser on 20070724, is one such variant.
| [CVE-2000-1204] Vulnerability in the mod_vhost_alias virtual hosting module for Apache 1.3.9, 1.3.11 and 1.3.12 allows remote attackers to obtain the source code for CGI programs if the cgi-bin directory is under the document root.
| [CVE-2000-1168] IBM HTTP Server 1.3.6 (based on Apache) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request.
| [CVE-2000-1016] The default configuration of Apache (httpd.conf) on SuSE 6.4 includes an alias for the /usr/doc directory, which allows remote attackers to read package documentation and obtain system configuration information via an HTTP request for the /doc/packages URL.
| [CVE-2000-0913] mod_rewrite in Apache 1.3.12 and earlier allows remote attackers to read arbitrary files if a RewriteRule directive is expanded to include a filename whose name contains a regular expression.
| [CVE-2000-0883] The default configuration of mod_perl for Apache as installed on Mandrake Linux 6.1 through 7.1 sets the /perl/ directory to be browseable, which allows remote attackers to list the contents of that directory.
9715| [CVE-2000-0869] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 enables WebDAV, which allows remote attackers to list arbitrary diretories via the PROPFIND HTTP request method.
9716| [CVE-2000-0868] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows remote attackers to read source code for CGI scripts by replacing the /cgi-bin/ in the requested URL with /cgi-bin-sdb/.
9717| [CVE-2000-0791] Trustix installs the httpsd program for Apache-SSL with world-writeable permissions, which allows local users to replace it with a Trojan horse.
9718| [CVE-2000-0760] The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension.
9719| [CVE-2000-0759] Jakarta Tomcat 3.1 under Apache reveals physical path information when a remote attacker requests a URL that does not exist, which generates an error message that includes the physical path.
9720| [CVE-2000-0628] The source.asp example script in the Apache ASP module Apache::ASP 1.93 and earlier allows remote attackers to modify files.
9721| [CVE-2000-0505] The Apache 1.3.x HTTP server for Windows platforms allows remote attackers to list directory contents by requesting a URL containing a large number of / characters.
9722| [CVE-1999-1412] A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service (crash) via a flood of HTTP GET requests to CGI programs, which generates a large number of processes.
9723| [CVE-1999-1293] mod_proxy in Apache 1.2.5 and earlier allows remote attackers to cause a denial of service via malformed FTP commands, which causes Apache to dump core.
9724| [CVE-1999-1237] Multiple buffer overflows in smbvalid/smbval SMB authentication library, as used in Apache::AuthenSmb and possibly other modules, allows remote attackers to execute arbitrary commands via (1) a long username, (2) a long password, and (3) other unspecified methods.
9725| [CVE-1999-1199] Apache WWW server 1.3.1 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via a large number of MIME headers with the same name, aka the "sioux" vulnerability.
9726| [CVE-1999-1053] guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->".
9727| [CVE-1999-0926] Apache allows remote attackers to conduct a denial of service via a large number of MIME headers.
9728| [CVE-1999-0678] A default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server.
9729| [CVE-1999-0448] IIS 4.0 and Apache log HTTP request methods, regardless of how long they are, allowing a remote attacker to hide the URL they really request.
9730| [CVE-1999-0289] The Apache web server for Win32 may provide access to restricted files when a . (dot) is appended to a requested URL.
9731| [CVE-1999-0236] ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs.
9732| [CVE-1999-0107] Buffer overflow in Apache 1.2.5 and earlier allows a remote attacker to cause a denial of service with a large number of GET requests containing a large number of / characters.
9733| [CVE-1999-0071] Apache httpd cookie buffer overflow for versions 1.1.1 and earlier.
9734|
9735| SecurityFocus - https://www.securityfocus.com/bid/:
9736| [104554] Apache HBase CVE-2018-8025 Security Bypass Vulnerability
9737| [104465] Apache Geode CVE-2017-15695 Remote Code Execution Vulnerability
9738| [104418] Apache Storm CVE-2018-8008 Arbitrary File Write Vulnerability
9739| [104399] Apache Storm CVE-2018-1332 User Impersonation Vulnerability
9740| [104348] Apache UIMA CVE-2017-15691 XML External Entity Injection Vulnerability
9741| [104313] Apache NiFi XML External Entity Injection and Denial of Service Vulnerability
9742| [104259] Apache Geode CVE-2017-12622 Authorization Bypass Vulnerability
9743| [104257] Apache Sling XSS Protection API CVE-2017-15717 Cross Site Scripting Vulnerability
9744| [104253] Apache ZooKeeper CVE-2018-8012 Security Bypass Vulnerability
9745| [104252] Apache Batik CVE-2018-8013 Information Disclosure Vulnerability
9746| [104239] Apache Solr CVE-2018-8010 XML External Entity Multiple Information Disclosure Vulnerabilities
9747| [104215] Apache ORC CVE-2018-8015 Denial of Service Vulnerability
9748| [104203] Apache Tomcat CVE-2018-8014 Security Bypass Vulnerability
9749| [104161] Apache Ambari CVE-2018-8003 Directory Traversal Vulnerability
9750| [104140] Apache Derby CVE-2018-1313 Security Bypass Vulnerability
9751| [104135] Apache Tika CVE-2018-1338 Denial of Service Vulnerability
9752| [104008] Apache Fineract CVE-2018-1291 SQL Injection Vulnerability
9753| [104007] Apache Fineract CVE-2018-1292 SQL Injection Vulnerability
9754| [104005] Apache Fineract CVE-2018-1289 SQL Injection Vulnerability
9755| [104001] Apache Tika CVE-2018-1335 Remote Command Injection Vulnerability
9756| [103975] Apache Fineract CVE-2018-1290 SQL Injection Vulnerability
9757| [103974] Apache Solr CVE-2018-1308 XML External Entity Injection Vulnerability
9758| [103772] Apache Traffic Server CVE-2017-7671 Denial of Service Vulnerability
9759| [103770] Apache Traffic Server CVE-2017-5660 Security Bypass Vulnerability
9760| [103751] Apache Hive CVE-2018-1282 SQL Injection Vulnerability
9761| [103750] Apache Hive CVE-2018-1284 Security Bypass Vulnerability
9762| [103692] Apache Ignite CVE-2018-1295 Arbitrary Code Execution Vulnerability
9763| [103528] Apache HTTP Server CVE-2018-1302 Denial of Service Vulnerability
9764| [103525] Apache HTTP Server CVE-2017-15715 Remote Security Bypass Vulnerability
9765| [103524] Apache HTTP Server CVE-2018-1312 Remote Security Bypass Vulnerability
9766| [103522] Apache HTTP Server CVE-2018-1303 Denial of Service Vulnerability
9767| [103520] Apache HTTP Server CVE-2018-1283 Remote Security Vulnerability
9768| [103516] Apache Struts CVE-2018-1327 Denial of Service Vulnerability
9769| [103515] Apache HTTP Server CVE-2018-1301 Denial of Service Vulnerability
9770| [103512] Apache HTTP Server CVE-2017-15710 Denial of Service Vulnerability
9771| [103508] Apache Syncope CVE-2018-1321 Multiple Remote Code Execution Vulnerabilities
9772| [103507] Apache Syncope CVE-2018-1322 Multiple Information Disclosure Vulnerabilities
9773| [103490] Apache Commons Compress CVE-2018-1324 Multiple Denial Of Service Vulnerabilities
9774| [103434] APACHE Allura CVE-2018-1319 HTTP Response Splitting Vulnerability
9775| [103389] Apache Tomcat JK Connector CVE-2018-1323 Directory Traversal Vulnerability
9776| [103222] Apache CloudStack CVE-2013-4317 Information Disclosure Vulnerability
9777| [103219] Apache Xerces-C CVE-2017-12627 Null Pointer Dereference Denial of Service Vulnerability
9778| [103206] Apache Geode CVE-2017-15693 Remote Code Execution Vulnerability
9779| [103205] Apache Geode CVE-2017-15692 Remote Code Execution Vulnerability
9780| [103170] Apache Tomcat CVE-2018-1304 Security Bypass Vulnerability
9781| [103144] Apache Tomcat CVE-2018-1305 Security Bypass Vulnerability
9782| [103102] Apache Oozie CVE-2017-15712 Information Disclosure Vulnerability
9783| [103098] Apache Karaf CVE-2016-8750 LDAP Injection Vulnerability
9784| [103069] Apache Tomcat CVE-2017-15706 Remote Security Weakness
9785| [103068] Apache JMeter CVE-2018-1287 Security Bypass Vulnerability
9786| [103067] Apache Qpid Dispatch Router 'router_core/connections.c' Denial of Service Vulnerability
9787| [103036] Apache CouchDB CVE-2017-12636 Remote Code Execution Vulnerability
9788| [103025] Apache Thrift CVE-2016-5397 Remote Command Injection Vulnerability
9789| [102879] Apache POI CVE-2017-12626 Multiple Denial of Service Vulnerabilities
9790| [102842] Apache NiFi CVE-2017-12632 Host Header Injection Vulnerability
9791| [102815] Apache NiFi CVE-2017-15697 Multiple Cross Site Scripting Vulnerabilities
9792| [102488] Apache Geode CVE-2017-9795 Remote Code Execution Vulnerability
9793| [102229] Apache Sling CVE-2017-15700 Information Disclosure Vulnerability
9794| [102226] Apache Drill CVE-2017-12630 Cross Site Scripting Vulnerability
9795| [102154] Multiple Apache Products CVE-2017-15708 Remote Code Execution Vulnerability
9796| [102127] Apache CXF Fediz CVE-2017-12631 Multiple Cross Site Request Forgery Vulnerabilities
9797| [102041] Apache Qpid Broker-J CVE-2017-15701 Denial of Service Vulnerability
9798| [102040] Apache Qpid Broker CVE-2017-15702 Security Weakness
9799| [102021] Apache Struts CVE-2017-15707 Denial of Service Vulnerability
9800| [101980] EMC RSA Authentication Agent for Web: Apache Web Server Authentication Bypass Vulnerability
9801| [101876] Apache Camel CVE-2017-12634 Deserialization Remote Code Execution Vulnerability
9802| [101874] Apache Camel CVE-2017-12633 Deserialization Remote Code Execution Vulnerability
9803| [101872] Apache Karaf CVE-2014-0219 Local Denial of Service Vulnerability
9804| [101868] Apache CouchDB CVE-2017-12635 Remote Privilege Escalation Vulnerability
9805| [101859] Apache CXF CVE-2017-12624 Denial of Service Vulnerability
9806| [101844] Apache Sling Servlets Post CVE-2017-11296 Cross Site Scripting Vulnerability
9807| [101686] Apache Hive CVE-2017-12625 Information Disclosure Vulnerability
9808| [101644] Apache Wicket CVE-2012-5636 Cross Site Scripting Vulnerability
9809| [101631] Apache Traffic Server CVE-2015-3249 Multiple Remote Code Execution Vulnerabilities
9810| [101630] Apache Traffic Server CVE-2014-3624 Access Bypass Vulnerability
9811| [101625] Apache jUDDI CVE-2009-1197 Security Bypass Vulnerability
9812| [101623] Apache jUDDI CVE-2009-1198 Cross Site Scripting Vulnerability
9813| [101620] Apache Subversion 'libsvn_fs_fs/fs_fs.c' Denial of Service Vulnerability
9814| [101585] Apache OpenOffice Multiple Remote Code Execution Vulnerabilities
9815| [101577] Apache Wicket CVE-2016-6806 Cross Site Request Forgery Vulnerability
9816| [101575] Apache Wicket CVE-2014-0043 Information Disclosure Vulnerability
9817| [101570] Apache Geode CVE-2017-9797 Information Disclosure Vulnerability
9818| [101562] Apache Derby CVE-2010-2232 Arbitrary File Overwrite Vulnerability
9819| [101560] Apache Portable Runtime Utility CVE-2017-12613 Multiple Information Disclosure Vulnerabilities
9820| [101558] Apache Portable Runtime Utility Local Out-of-Bounds Read Denial of Service Vulnerability
9821| [101532] Apache James CVE-2017-12628 Arbitrary Command Execution Vulnerability
9822| [101516] Apache HTTP Server CVE-2017-12171 Security Bypass Vulnerability
9823| [101261] Apache Solr/Lucene CVE-2017-12629 Information Disclosure and Remote Code Execution Vulnerabilities
9824| [101230] Apache Roller CVE-2014-0030 XML External Entity Injection Vulnerability
9825| [101173] Apache IMPALA CVE-2017-9792 Information Disclosure Vulnerability
9826| [101052] Apache Commons Jelly CVE-2017-12621 Security Bypass Vulnerability
9827| [101027] Apache Mesos CVE-2017-7687 Denial of Service Vulnerability
9828| [101023] Apache Mesos CVE-2017-9790 Denial of Service Vulnerability
9829| [100954] Apache Tomcat CVE-2017-12617 Incomplete Fix Remote Code Execution Vulnerability
9830| [100946] Apache Wicket CVE-2014-7808 Cross Site Request Forgery Vulnerability
9831| [100901] Apache Tomcat CVE-2017-12615 Remote Code Execution Vulnerability
9832| [100897] Apache Tomcat CVE-2017-12616 Information Disclosure Vulnerability
9833| [100880] Apache Directory LDAP API CVE-2015-3250 Unspecified Information Disclosure Vulnerability
9834| [100872] Apache HTTP Server CVE-2017-9798 Information Disclosure Vulnerability
9835| [100870] Apache Solr CVE-2017-9803 Remote Privilege Escalation Vulnerability
9836| [100859] puppetlabs-apache CVE-2017-2299 Information Disclosure Vulnerability
9837| [100829] Apache Struts CVE-2017-12611 Remote Code Execution Vulnerability
9838| [100823] Apache Spark CVE-2017-12612 Deserialization Remote Code Execution Vulnerability
9839| [100612] Apache Struts CVE-2017-9804 Incomplete Fix Denial of Service Vulnerability
9840| [100611] Apache Struts CVE-2017-9793 Denial of Service Vulnerability
9841| [100609] Apache Struts CVE-2017-9805 Remote Code Execution Vulnerability
9842| [100587] Apache Atlas CVE-2017-3155 Cross Frame Scripting Vulnerability
9843| [100581] Apache Atlas CVE-2017-3154 Information Disclosure Vulnerability
9844| [100578] Apache Atlas CVE-2017-3153 Cross Site Scripting Vulnerability
9845| [100577] Apache Atlas CVE-2017-3152 Cross Site Scripting Vulnerability
9846| [100547] Apache Atlas CVE-2017-3151 HTML Injection Vulnerability
9847| [100536] Apache Atlas CVE-2017-3150 Cross Site Scripting Vulnerability
9848| [100449] Apache Pony Mail CVE-2016-4460 Authentication Bypass Vulnerability
9849| [100447] Apache2Triad Multiple Security Vulnerabilities
9850| [100284] Apache Sling Servlets Post CVE-2017-9802 Cross Site Scripting Vulnerability
9851| [100280] Apache Tomcat CVE-2017-7674 Security Bypass Vulnerability
9852| [100259] Apache Subversion CVE-2017-9800 Remote Command Execution Vulnerability
9853| [100256] Apache Tomcat CVE-2017-7675 Directory Traversal Vulnerability
9854| [100235] Apache Storm CVE-2017-9799 Remote Code Execution Vulnerability
9855| [100082] Apache Commons Email CVE-2017-9801 SMTP Header Injection Vulnerability
9856| [99873] Apache Sling XSS Protection API CVE-2016-6798 XML External Entity Injection Vulnerability
9857| [99870] Apache Sling API CVE-2016-5394 Cross Site Scripting Vulnerability
9858| [99603] Apache Spark CVE-2017-7678 Cross Site Scripting Vulnerability
9859| [99592] Apache OpenMeetings CVE-2017-7685 Security Bypass Vulnerability
9860| [99587] Apache OpenMeetings CVE-2017-7673 Security Bypass Vulnerability
9861| [99586] Apache OpenMeetings CVE-2017-7688 Security Bypass Vulnerability
9862| [99584] Apache OpenMeetings CVE-2017-7684 Denial of Service Vulnerability
9863| [99577] Apache OpenMeetings CVE-2017-7663 Cross Site Scripting Vulnerability
9864| [99576] Apache OpenMeetings CVE-2017-7664 XML External Entity Injection Vulnerability
9865| [99569] Apache HTTP Server CVE-2017-9788 Memory Corruption Vulnerability
9866| [99568] Apache HTTP Server CVE-2017-9789 Denial of Service Vulnerability
9867| [99563] Apache Struts CVE-2017-7672 Denial of Service Vulnerability
9868| [99562] Apache Struts Spring AOP Functionality Denial of Service Vulnerability
9869| [99509] Apache Impala CVE-2017-5652 Information Disclosure Vulnerability
9870| [99508] Apache IMPALA CVE-2017-5640 Authentication Bypass Vulnerability
9871| [99486] Apache Traffic Control CVE-2017-7670 Denial of Service Vulnerability
9872| [99485] Apache Solr CVE-2017-7660 Security Bypass Vulnerability
9873| [99484] Apache Struts CVE-2017-9791 Remote Code Execution Vulnerability
9874| [99292] Apache Ignite CVE-2017-7686 Information Disclosure Vulnerability
9875| [99170] Apache HTTP Server CVE-2017-7679 Buffer Overflow Vulnerability
9876| [99137] Apache HTTP Server CVE-2017-7668 Denial of Service Vulnerability
9877| [99135] Apache HTTP Server CVE-2017-3167 Authentication Bypass Vulnerability
9878| [99134] Apache HTTP Server CVE-2017-3169 Denial of Service Vulnerability
9879| [99132] Apache HTTP Server CVE-2017-7659 Denial of Service Vulnerability
9880| [99112] Apache Thrift CVE-2015-3254 Denial of Service Vulnerability
9881| [99067] Apache Ranger CVE-2016-8751 HTML Injection Vulnerability
9882| [99018] Apache NiFi CVE-2017-7667 Cross Frame Scripting Vulnerability
9883| [99009] Apache NiFi CVE-2017-7665 Cross Site Scripting Vulnerability
9884| [98961] Apache Ranger CVE-2017-7677 Security Bypass Vulnerability
9885| [98958] Apache Ranger CVE-2017-7676 Security Bypass Vulnerability
9886| [98888] Apache Tomcat CVE-2017-5664 Security Bypass Vulnerability
9887| [98814] Apache Zookeeper CVE-2017-5637 Denial of Service Vulnerability
9888| [98795] Apache Hadoop CVE-2017-7669 Remote Privilege Escalation Vulnerability
9889| [98739] Apache Knox CVE-2017-5646 User Impersonation Vulnerability
9890| [98669] Apache Hive CVE-2016-3083 Security Bypass Vulnerability
9891| [98646] Apache Atlas CVE-2016-8752 Information Disclosure Vulnerability
9892| [98570] Apache Archiva CVE-2017-5657 Multiple Cross-Site Request Forgery Vulnerabilities
9893| [98489] Apache CXF Fediz CVE-2017-7661 Multiple Cross Site Request Forgery Vulnerabilities
9894| [98485] Apache CXF Fediz CVE-2017-7662 Cross Site Request Forgery Vulnerability
9895| [98466] Apache Ambari CVE-2017-5655 Insecure Temporary File Handling Vulnerability
9896| [98365] Apache Cordova For Android CVE-2016-6799 Information Disclosure Vulnerability
9897| [98025] Apache Hadoop CVE-2017-3161 Cross Site Scripting Vulnerability
9898| [98017] Apache Hadoop CVE-2017-3162 Input Validation Vulnerability
9899| [97971] Apache CXF CVE-2017-5656 Information Disclosure Vulnerability
9900| [97968] Apache CXF CVE-2017-5653 Spoofing Vulnerability
9901| [97967] Apache ActiveMQ CVE-2015-7559 Denial of Service Vulnerability
9902| [97949] Apache Traffic Server CVE-2017-5659 Denial of Service Vulnerability
9903| [97948] Apache Batik CVE-2017-5662 XML External Entity Information Disclosure Vulnerability
9904| [97947] Apache FOP CVE-2017-5661 XML External Entity Information Disclosure Vulnerability
9905| [97945] Apache Traffic Server CVE-2016-5396 Denial of Service Vulnerability
9906| [97702] Apache Log4j CVE-2017-5645 Remote Code Execution Vulnerability
9907| [97582] Apache CXF CVE-2016-6812 Cross Site Scripting Vulnerability
9908| [97579] Apache CXF JAX-RS CVE-2016-8739 XML External Entity Injection Vulnerability
9909| [97544] Apache Tomcat CVE-2017-5651 Information Disclosure Vulnerability
9910| [97531] Apache Tomcat CVE-2017-5650 Denial of Service Vulnerability
9911| [97530] Apache Tomcat CVE-2017-5648 Information Disclosure Vulnerability
9912| [97509] Apache Ignite CVE-2016-6805 Information Disclosure and XML External Entity Injection Vulnerabilities
9913| [97383] Apache Flex BlazeDS CVE-2017-5641 Remote Code Execution Vulnerability
9914| [97378] Apache Geode CVE-2017-5649 Information Disclosure Vulnerability
9915| [97229] Apache Ambari CVE-2016-4976 Local Information Disclosure Vulnerability
9916| [97226] Apache Camel CVE-2017-5643 Server Side Request Forgery Security Bypass Vulnerability
9917| [97184] Apache Ambari CVE-2016-6807 Remote Command Execution Vulnerability
9918| [97179] Apache Camel CVE-2016-8749 Java Deserialization Multiple Remote Code Execution Vulnerabilities
9919| [96983] Apache POI CVE-2017-5644 Denial Of Service Vulnerability
9920| [96895] Apache Tomcat CVE-2016-8747 Information Disclosure Vulnerability
9921| [96731] Apache NiFi CVE-2017-5636 Remote Code Injection Vulnerability
9922| [96730] Apache NiFi CVE-2017-5635 Security Bypass Vulnerability
9923| [96729] Apache Struts CVE-2017-5638 Remote Code Execution Vulnerability
9924| [96540] IBM Development Package for Apache Spark CVE-2016-4970 Denial of Service Vulnerability
9925| [96398] Apache CXF CVE-2017-3156 Information Disclosure Vulnerability
9926| [96321] Apache Camel CVE-2017-3159 Remote Code Execution Vulnerability
9927| [96293] Apache Tomcat 'http11/AbstractInputBuffer.java' Denial of Service Vulnerability
9928| [96228] Apache Brooklyn Cross Site Request Forgery and Multiple Cross Site Scripting Vulnerabilities
9929| [95998] Apache Ranger CVE-2016-8746 Security Bypass Vulnerability
9930| [95929] Apache Groovy CVE-2016-6497 Information Disclosure Vulnerability
9931| [95838] Apache Cordova For Android CVE-2017-3160 Man in the Middle Security Bypass Vulnerability
9932| [95675] Apache Struts Remote Code Execution Vulnerability
9933| [95621] Apache NiFi CVE-2106-8748 Cross Site Scripting Vulnerability
9934| [95429] Apache Groovy CVE-2016-6814 Remote Code Execution Vulnerability
9935| [95335] Apache Hadoop CVE-2016-3086 Information Disclosure Vulnerability
9936| [95168] Apache Wicket CVE-2016-6793 Denial of Service Vulnerability
9937| [95136] Apache Qpid Broker for Java CVE-2016-8741 Remote Information Disclosure Vulnerability
9938| [95078] Apache HTTP Server CVE-2016-0736 Remote Security Vulnerability
9939| [95077] Apache HTTP Server CVE-2016-8743 Security Bypass Vulnerability
9940| [95076] Apache HTTP Server CVE-2016-2161 Denial of Service Vulnerability
9941| [95020] Apache Tika CVE-2015-3271 Remote Information Disclosure Vulnerability
9942| [94950] Apache Hadoop CVE-2016-5001 Local Information Disclosure Vulnerability
9943| [94882] Apache ActiveMQ CVE-2016-6810 HTML Injection Vulnerability
9944| [94828] Apache Tomcat CVE-2016-8745 Information Disclosure Vulnerability
9945| [94766] Apache CouchDB CVE-2016-8742 Local Privilege Escalation Vulnerability
9946| [94657] Apache Struts CVE-2016-8738 Denial of Service Vulnerability
9947| [94650] Apache HTTP Server CVE-2016-8740 Denial of Service Vulnerability
9948| [94588] Apache Subversion CVE-2016-8734 XML External Entity Denial of Service Vulnerability
9949| [94513] Apache Karaf CVE-2016-8648 Remote Code Execution Vulnerability
9950| [94463] Apache Tomcat CVE-2016-8735 Remote Code Execution Vulnerability
9951| [94462] Apache Tomcat CVE-2016-6817 Denial of Service Vulnerability
9952| [94461] Apache Tomcat CVE-2016-6816 Security Bypass Vulnerability
9953| [94418] Apache OpenOffice CVE-2016-6803 Local Privilege Escalation Vulnerability
9954| [94247] Apache Tika CVE-2016-6809 Remote Code Execution Vulnerability
9955| [94221] Apache Ranger CVE-2016-6815 Local Privilege Escalation Vulnerability
9956| [94145] Apache OpenMeetings CVE-2016-8736 Remote Code Execution Vulnerability
9957| [93945] Apache CloudStack CVE-2016-6813 Authorization Bypass Vulnerability
9958| [93944] Apache Tomcat Security Manager CVE-2016-6796 Security Bypass Vulnerability
9959| [93943] Apache Tomcat CVE-2016-6794 Security Bypass Vulnerability
9960| [93942] Apache Tomcat Security Manager CVE-2016-5018 Security Bypass Vulnerability
9961| [93940] Apache Tomcat CVE-2016-6797 Security Bypass Vulnerability
9962| [93939] Apache Tomcat CVE-2016-0762 Information Disclosure Vulnerability
9963| [93774] Apache OpenOffice CVE-2016-6804 DLL Loading Remote Code Execution Vulnerability
9964| [93773] Apache Struts CVE-2016-6795 Directory Traversal Vulnerability
9965| [93478] Apache Tomcat CVE-2016-6325 Local Privilege Escalation Vulnerability
9966| [93472] Apache Tomcat CVE-2016-5425 Insecure File Permissions Vulnerability
9967| [93429] Apache Tomcat JK Connector CVE-2016-6808 Remote Buffer Overflow Vulnerability
9968| [93263] Apache Tomcat CVE-2016-1240 Local Privilege Escalation Vulnerability
9969| [93236] Apache MyFaces Trinidad CVE-2016-5019 Remote Code Execution Vulnerability
9970| [93142] Apache ActiveMQ Artemis CVE-2016-4978 Remote Code Execution Vulnerability
9971| [93132] Apache Derby CVE-2015-1832 XML External Entity Information Disclosure Vulnerability
9972| [93044] Apache Zookeeper CVE-2016-5017 Buffer Overflow Vulnerability
9973| [92966] Apache Jackrabbit CVE-2016-6801 Cross-Site Request Forgery Vulnerability
9974| [92947] Apache Shiro CVE-2016-6802 Remote Security Bypass Vulnerability
9975| [92905] Apache CXF Fediz CVE-2016-4464 Security Bypass Vulnerability
9976| [92577] Apache Ranger CVE-2016-5395 HTML Injection Vulnerability
9977| [92331] Apache HTTP Server CVE-2016-1546 Remote Denial of Service Vulnerability
9978| [92328] Apache Hive CVE-2016-0760 Multiple Remote Code Execution Vulnerabilities
9979| [92320] Apache APR-util and httpd CVE-2016-6312 Denial of Service Vulnerability
9980| [92100] Apache POI CVE-2016-5000 XML External Entity Injection Vulnerability
9981| [92079] Apache OpenOffice CVE-2016-1513 Remote Code Execution Vulnerability
9982| [91818] Apache Tomcat CVE-2016-5388 Security Bypass Vulnerability
9983| [91816] Apache HTTP Server CVE-2016-5387 Security Bypass Vulnerability
9984| [91788] Apache Qpid Proton CVE-2016-4467 Certificate Verification Security Bypass Vulnerability
9985| [91738] Apache XML-RPC CVE-2016-5003 Remote Code Execution Vulnerability
9986| [91736] Apache XML-RPC Multiple Security Vulnerabilities
9987| [91707] Apache Archiva CVE-2016-5005 HTML Injection Vulnerability
9988| [91703] Apache Archiva CVE-2016-4469 Multiple Cross-Site Request Forgery Vulnerabilities
9989| [91566] Apache HTTP Server CVE-2016-4979 Authentication Bypass Vulnerability
9990| [91537] Apache QPID CVE-2016-4974 Deserialization Security Bypass Vulnerability
9991| [91501] Apache Xerces-C CVE-2016-4463 Stack Buffer Overflow Vulnerability
9992| [91453] Apache Commons FileUpload CVE-2016-3092 Denial Of Service Vulnerability
9993| [91284] Apache Struts CVE-2016-4431 Security Bypass Vulnerability
9994| [91282] Apache Struts CVE-2016-4433 Security Bypass Vulnerability
9995| [91281] Apache Struts CVE-2016-4430 Cross-Site Request Forgery Vulnerability
9996| [91280] Apache Struts CVE-2016-4436 Security Bypass Vulnerability
9997| [91278] Apache Struts CVE-2016-4465 Denial of Service Vulnerability
9998| [91277] Apache Struts Incomplete Fix Remote Code Execution Vulnerability
9999| [91275] Apache Struts CVE-2016-4438 Remote Code Execution Vulnerability
10000| [91217] Apache Continuum 'saveInstallation.action' Command Execution Vulnerability
10001| [91141] Apache CloudStack CVE-2016-3085 Authentication Bypass Vulnerability
10002| [91068] Apache Struts CVE-2016-1181 Remote Code Execution Vulnerability
10003| [91067] Apache Struts CVE-2016-1182 Security Bypass Vulnerability
10004| [91024] Apache Shiro CVE-2016-4437 Information Disclosure Vulnerability
10005| [90988] Apache Ranger CVE-2016-2174 SQL Injection Vulnerability
10006| [90961] Apache Struts CVE-2016-3093 Denial of Service Vulnerability
10007| [90960] Apache Struts CVE-2016-3087 Remote Code Execution Vulnerability
10008| [90921] Apache Qpid CVE-2016-4432 Authentication Bypass Vulnerability
10009| [90920] Apache Qpid CVE-2016-3094 Denial of Service Vulnerability
10010| [90902] Apache PDFBox CVE-2016-2175 XML External Entity Injection Vulnerability
10011| [90897] Apache Tika CVE-2016-4434 XML External Entity Injection Vulnerability
10012| [90827] Apache ActiveMQ CVE-2016-3088 Multiple Arbitrary File Upload Vulnerabilities
10013| [90755] Apache Ambari CVE-2016-0707 Multiple Local Information Disclosure Vulnerabilities
10014| [90482] Apache CVE-2004-1387 Local Security Vulnerability
10015| [89762] Apache CVE-2001-1556 Remote Security Vulnerability
10016| [89417] Apache Subversion CVE-2016-2167 Authentication Bypass Vulnerability
10017| [89326] RETIRED: Apache Subversion CVE-2016-2167 Security Bypass Vulnerability
10018| [89320] Apache Subversion CVE-2016-2168 Remote Denial of Service Vulnerability
10019| [88826] Apache Struts CVE-2016-3082 Remote Code Execution Vulnerability
10020| [88797] Apache Cordova For iOS CVE-2015-5208 Arbitrary Code Execution Vulnerability
10021| [88764] Apache Cordova iOS CVE-2015-5207 Multiple Security Bypass Vulnerabilities
10022| [88701] Apache CVE-2001-1449 Remote Security Vulnerability
10023| [88635] Apache CVE-2000-1204 Remote Security Vulnerability
10024| [88590] Apache WWW server CVE-1999-1199 Denial-Of-Service Vulnerability
10025| [88496] Apache CVE-2000-1206 Remote Security Vulnerability
10026| [87828] Apache CVE-1999-1237 Remote Security Vulnerability
10027| [87784] Apache CVE-1999-1293 Denial-Of-Service Vulnerability
10028| [87327] Apache Struts CVE-2016-3081 Remote Code Execution Vulnerability
10029| [86622] Apache Stats CVE-2007-0975 Remote Security Vulnerability
10030| [86399] Apache CVE-2007-1743 Local Security Vulnerability
10031| [86397] Apache CVE-2007-1742 Local Security Vulnerability
10032| [86311] Apache Struts CVE-2016-4003 Cross Site Scripting Vulnerability
10033| [86174] Apache Wicket CVE-2015-5347 Cross Site Scripting Vulnerability
| [85971] Apache OFBiz CVE-2016-2170 Java Deserialization Remote Code Execution Vulnerability
| [85967] Apache OFBiz CVE-2015-3268 HTML Injection Vulnerability
| [85759] Apache Jetspeed CVE-2016-2171 Unauthorized Access Vulnerability
| [85758] Apache Jetspeed CVE-2016-0712 Cross Site Scripting Vulnerability
| [85756] Apache Jetspeed CVE-2016-0710 Multiple SQL Injection Vulnerabilities
| [85755] Apache Jetspeed CVE-2016-0711 Mulitple HTML Injection Vulnerabilities
| [85754] Apache Jetspeed CVE-2016-0709 Directory Traversal Vulnerability
| [85730] Apache Subversion CVE-2015-5343 Integer Overflow Vulnerability
| [85691] Apache Ranger CVE-2016-0735 Security Bypass Vulnerability
| [85578] Apache ActiveMQ CVE-2010-1244 Cross-Site Request Forgery Vulnerability
| [85554] Apache OpenMeetings CVE-2016-2164 Multiple Information Disclosure Vulnerabilities
| [85553] Apache OpenMeetings CVE-2016-0783 Information Disclosure Vulnerability
| [85552] Apache OpenMeetings CVE-2016-2163 HTML Injection Vulnerability
| [85550] Apache OpenMeetings CVE-2016-0784 Directory Traversal Vulnerability
| [85386] Apache Hadoop CVE-2015-7430 Local Privilege Escalation Vulnerability
| [85377] Apache Qpid Proton Python API CVE-2016-2166 Man in the Middle Security Bypass Vulnerability
| [85205] Apache Solr CVE-2015-8796 Cross Site Scripting Vulnerability
| [85203] Apache Solr CVE-2015-8795 Mulitple HTML Injection Vulnerabilities
| [85163] Apache Geronimo CVE-2008-0732 Local Security Vulnerability
| [85131] Apache Struts 'TextParseUtil.translateVariables()' Method Remote Code Execution Vulnerability
| [85070] Apache Struts CVE-2016-2162 Cross Site Scripting Vulnerability
| [85066] Apache Struts CVE-2016-0785 Remote Code Execution Vulnerability
| [84422] Apache TomEE CVE-2016-0779 Unspecified Security Vulnerability
| [84321] Apache ActiveMQ CVE-2016-0734 Clickjacking Vulnerability
| [84316] Apache ActiveMQ CVE-2016-0782 Multiple Cross Site Scripting Vulnerabilities
| [83910] Apache Wicket CVE-2015-7520 Cross Site Scripting Vulnerability
| [83423] Apache Xerces-C CVE-2016-0729 Buffer Overflow Vulnerability
| [83330] Apache Tomcat CVE-2015-5351 Cross Site Request Forgery Vulnerability
| [83329] Apache Tomcat CVE-2015-5174 Directory Traversal Vulnerability
| [83328] Apache Tomcat CVE-2015-5345 Directory Traversal Vulnerability
| [83327] Apache Tomcat Security Manager CVE-2016-0714 Remote Code Execution Vulnerability
| [83326] Apache Tomcat CVE-2016-0763 Security Bypass Vulnerability
| [83324] Apache Tomcat Security Manager CVE-2016-0706 Information Disclosure Vulnerability
| [83323] Apache Tomcat CVE-2015-5346 Session Fixation Vulnerability
| [83259] Apache Hadoop CVE-2015-1776 Information Disclosure Vulnerability
| [83243] Apache Solr CVE-2015-8797 Cross Site Scripting Vulnerability
| [83119] Apache Sling CVE-2016-0956 Information Disclosure Vulnerability
| [83002] Apache CVE-2000-1205 Cross-Site Scripting Vulnerability
| [82871] Apache Ranger Authentication Bypass and Security Bypass Vulnerabilities
| [82800] Apache CloudStack CVE-2015-3251 Information Disclosure Vulnerability
| [82798] Apache CloudStack CVE-2015-3252 Authentication Bypass Vulnerability
| [82732] Apache Gallery CVE-2003-0771 Local Security Vulnerability
| [82676] Apache CVE-2003-1581 Cross-Site Scripting Vulnerability
| [82550] Apache Struts CVE-2015-5209 Security Bypass Vulnerability
| [82300] Apache Subversion CVE-2015-5259 Integer Overflow Vulnerability
| [82260] Apache Camel CVE-2015-5344 Remote Code Execution Vulnerability
| [82234] Apache Hive CVE-2015-7521 Security Bypass Vulnerability
| [82082] Apache CVE-1999-0289 Remote Security Vulnerability
| [81821] Apache Distribution for Solaris CVE-2007-2080 SQL-Injection Vulnerability
| [80696] Apache Camel CVE-2015-5348 Information Disclosure Vulnerability
| [80525] Apache CVE-2003-1580 Remote Security Vulnerability
| [80354] Drupal Apache Solr Search Module Access Bypass Vulnerability
| [80193] Apache CVE-1999-0107 Denial-Of-Service Vulnerability
| [79812] Apache Directory Studio CVE-2015-5349 Command Injection Vulnerability
| [79744] Apache HBase CVE-2015-1836 Unauthorized Access Vulnerability
| [79204] Apache TomEE 'EjbObjectInputStream' Remote Code Execution Vulnerability
| [77679] Apache Cordova For Android CVE-2015-8320 Weak Randomization Security Bypass Vulnerability
| [77677] Apache Cordova For Android CVE-2015-5256 Security Bypass Vulnerability
| [77591] Apache CXF SAML SSO Processing CVE-2015-5253 Security Bypass Vulnerability
| [77521] Apache Commons Collections 'InvokerTransformer.java' Remote Code Execution Vulnerability
| [77110] Apache HttpComponents HttpClient CVE-2015-5262 Denial of Service Vulnerability
| [77086] Apache Ambari CVE-2015-1775 Server Side Request Forgery Security Bypass Vulnerability
| [77085] Apache Ambari CVE-2015-3270 Remote Privilege Escalation Vulnerability
| [77082] Apache Ambari 'targetURI' Parameter Open Redirection Vulnerability
| [77059] Apache Ambari CVE-2015-3186 Cross Site Scripting Vulnerability
| [76933] Apache James Server Unspecified Command Execution Vulnerability
| [76832] Apache cordova-plugin-file-transfer CVE-2015-5204 HTTP Header Injection Vulnerability
| [76625] Apache Struts CVE-2015-5169 Cross Site Scripting Vulnerability
| [76624] Apache Struts CVE-2015-2992 Cross Site Scripting Vulnerability
| [76522] Apache Tapestry CVE-2014-1972 Security Bypass Vulnerability
| [76486] Apache CXF Fediz CVE-2015-5175 Denial of Service Vulnerability
| [76452] Apache ActiveMQ CVE-2015-1830 Directory Traversal Vulnerability
| [76446] Apache Subversion 'libsvn_fs_fs/tree.c' Denial of Service Vulnerability
| [76274] Apache Subversion CVE-2015-3184 Information Disclosure Vulnerability
| [76273] Apache Subversion CVE-2015-3187 Information Disclosure Vulnerability
| [76272] Apache ActiveMQ CVE-2014-3576 Denial of Service Vulnerability
| [76221] Apache Ranger CVE-2015-0266 Access Bypass Vulnerability
| [76208] Apache Ranger CVE-2015-0265 JavaScript Code Injection Vulnerability
| [76025] Apache ActiveMQ Artemis CVE-2015-3208 XML External Entity Information Disclosure Vulnerability
| [75965] Apache HTTP Server CVE-2015-3185 Security Bypass Vulnerability
| [75964] Apache HTTP Server CVE-2015-0253 Remote Denial of Service Vulnerability
| [75963] Apache HTTP Server CVE-2015-3183 Security Vulnerability
| [75940] Apache Struts CVE-2015-1831 Security Bypass Vulnerability
| [75919] Apache Groovy CVE-2015-3253 Remote Code Execution Vulnerability
| [75338] Apache Storm CVE-2015-3188 Remote Code Execution Vulnerability
| [75275] Drupal Apache Solr Real-Time Module Access Bypass Vulnerability
| [74866] Apache Cordova For Android CVE-2015-1835 Security Bypass Vulnerability
| [74839] Apache Sling API and Sling Servlets CVE-2015-2944 Cross Site Scripting Vulnerability
| [74761] Apache Jackrabbit CVE-2015-1833 XML External Entity Information Disclosure Vulnerability
| [74686] Apache Ambari '/var/lib/ambari-server/ambari-env.sh' Local Privilege Escalation Vulnerability
| [74665] Apache Tomcat CVE-2014-7810 Security Bypass Vulnerability
| [74475] Apache Tomcat CVE-2014-0230 Denial of Service Vulnerability
| [74423] Apache Struts CVE-2015-0899 Security Bypass Vulnerability
| [74338] Apache OpenOffice HWP Filter Memory Corruption Vulnerability
| [74265] Apache Tomcat 'mod_jk' CVE-2014-8111 Information Disclosure Vulnerability
| [74260] Apache Subversion CVE-2015-0248 Multiple Denial of Service Vulnerabilities
| [74259] Apache Subversion 'deadprops.c' Security Bypass Vulnerability
| [74204] PHP 'sapi/apache2handler/sapi_apache2.c' Remote Code Execution Vulnerability
| [74158] Apache HTTP Server 'protocol.c' Remote Denial of Service Vulnerability
| [73954] Apache Flex 'asdoc/templates/index.html' Cross Site Scripting Vulnerability
| [73851] Apache2 CVE-2012-0216 Cross-Site Scripting Vulnerability
| [73478] Apache Cassandra CVE-2015-0225 Remote Code Execution Vulnerability
| [73041] Apache HTTP Server 'mod_lua' Module Denial of Service Vulnerability
| [73040] Apache HTTP Server 'mod_lua.c' Local Access Bypass Vulnerability
| [72809] Apache Standard Taglibs CVE-2015-0254 XML External Entity Injection Vulnerability
| [72717] Apache Tomcat CVE-2014-0227 Chunk Request Remote Denial Of Service Vulnerability
| [72557] Apache WSS4J CVE-2015-0227 Security Bypass Vulnerability
| [72553] Apache WSS4J CVE-2015-0226 Information Disclosure Vulnerability
| [72513] Apache ActiveMQ CVE-2014-3612 LDAP Authentication Bypass Vulnerability
| [72511] Apache ActiveMQ CVE-2014-8110 Multiple Cross Site Scripting Vulnerabilities
| [72510] Apache ActiveMQ CVE-2014-3600 XML External Entity Injection Vulnerability
| [72508] Apache ActiveMQ Apollo CVE-2014-3579 XML External Entity Injection Vulnerability
| [72319] Apache Qpid CVE-2015-0223 Security Bypass Vulnerability
| [72317] Apache Qpid CVE-2015-0224 Incomplete Fix Multiple Denial of Service Vulnerabilities
| [72115] Apache Santuario 'XML Signature Verification' Security Bypass Vulnerability
| [72053] Apache HTTP Server 'mod_remoteip.c' IP Address Spoofing Vulnerability
| [72030] Apache Qpid CVE-2015-0203 Multiple Denial of Service Vulnerabilities
| [71879] Apache Traffic Server 'HttpTransact.cc' Denial of Service Vulnerability
| [71726] Apache Subversion CVE-2014-3580 Remote Denial of Service Vulnerability
| [71725] Apache Subversion CVE-2014-8108 Remote Denial of Service Vulnerability
| [71657] Apache HTTP Server 'mod_proxy_fcgi' Module Denial of Service Vulnerability
| [71656] Apache HTTP Server 'mod_cache' Module Denial of Service Vulnerability
| [71548] Apache Struts CVE-2014-7809 Security Bypass Vulnerability
| [71466] Apache Hadoop CVE-2014-3627 Information Disclosure Vulnerability
| [71353] Apache HTTP Server 'LuaAuthzProvider' Authorization Bypass Vulnerability
| [71004] Apache Qpid CVE-2014-3629 XML External Entity Injection Vulnerability
| [70970] Apache Traffic Server Cross Site Scripting Vulnerability
| [70738] Apache CXF CVE-2014-3584 Denial of Service Vulnerability
| [70736] Apache CXF SAML SubjectConfirmation Security Bypass Vulnerability
| [69728] Apache Tomcat CVE-2013-4444 Arbitrary File Upload Vulnerability
| [69648] Apache POI CVE-2014-3574 Denial Of Service Vulnerability
| [69647] Apache POI OpenXML parser CVE-2014-3529 XML External Entity Information Disclosure Vulnerability
| [69351] Apache OpenOffice Calc CVE-2014-3524 Command Injection Vulnerability
| [69295] Apache Axis Incomplete Fix CVE-2014-3596 SSL Certificate Validation Security Bypass Vulnerability
| [69286] Apache OFBiz CVE-2014-0232 Multiple Cross Site Scripting Vulnerabilities
| [69258] Apache HttpComponents Incomplete Fix CVE-2014-3577 SSL Validation Security Bypass Vulnerability
| [69257] Apache HttpComponents Incomplete Fix SSL Certificate Validation Security Bypass Vulnerability
| [69248] Apache HTTP Server CVE-2013-4352 Remote Denial of Service Vulnerability
| [69237] Apache Subversion CVE-2014-3522 SSL Certificate Validation Information Disclosure Vulnerability
| [69173] Apache Traffic Server CVE-2014-3525 Unspecified Security Vulnerability
| [69046] Apache Cordova For Android CVE-2014-3502 Information Disclosure Vulnerability
| [69041] Apache Cordova For Android CVE-2014-3501 Security Bypass Vulnerability
| [69038] Apache Cordova For Android CVE-2014-3500 Security Bypass Vulnerability
| [68995] Apache Subversion CVE-2014-3528 Insecure Authentication Weakness
| [68966] Apache Subversion 'irkerbridge.py' Local Privilege Escalation Vulnerability
| [68965] Apache Subversion 'svnwcsub.py' Local Privilege Escalation Vulnerability
| [68863] Apache HTTP Server 'mod_cache' Module Remote Denial of Service Vulnerability
| [68747] Apache HTTP Server CVE-2014-3523 Remote Denial of Service Vulnerability
| [68745] Apache HTTP Server CVE-2014-0118 Remote Denial of Service Vulnerability
| [68742] Apache HTTP Server CVE-2014-0231 Remote Denial of Service Vulnerability
| [68740] Apache HTTP Server CVE-2014-0117 Remote Denial of Service Vulnerability
| [68678] Apache HTTP Server 'mod_status' CVE-2014-0226 Remote Code Execution Vulnerability
| [68445] Apache CXF UsernameToken Information Disclosure Vulnerability
| [68441] Apache CXF SAML Tokens Validation Security Bypass Vulnerability
| [68431] Apache Syncope CVE-2014-3503 Insecure Password Generation Weakness
| [68229] Apache Harmony PRNG Entropy Weakness
| [68111] Apache 'mod_wsgi' Module Privilege Escalation Vulnerability
| [68072] Apache Tomcat CVE-2014-0186 Remote Denial of Service Vulnerability
| [68039] Apache Hive CVE-2014-0228 Security Bypass Vulnerability
| [67673] Apache Tomcat CVE-2014-0095 AJP Request Remote Denial Of Service Vulnerability
| [67671] Apache Tomcat CVE-2014-0075 Chunk Request Remote Denial Of Service Vulnerability
| [67669] Apache Tomcat CVE-2014-0119 XML External Entity Information Disclosure Vulnerability
| [67668] Apache Tomcat CVE-2014-0099 Request Processing Information Disclosure Vulnerability
| [67667] Apache Tomcat CVE-2014-0096 XML External Entity Information Disclosure Vulnerability
| [67534] Apache 'mod_wsgi' Module CVE-2014-0242 Information Disclosure Vulnerability
| [67532] Apache 'mod_wsgi' Module Local Privilege Escalation Vulnerability
| [67530] Apache Solr Search Template Cross Site Scripting Vulnerability
| [67236] Apache CXF CVE-2014-0109 Remote Denial of Service Vulnerability
| [67232] Apache CXF CVE-2014-0110 Denial of Service Vulnerability
| [67121] Apache Struts ClassLoader Manipulation CVE-2014-0114 Security Bypass Vulnerability
| [67081] Apache Struts 'getClass()' Method Security Bypass Vulnerability
| [67064] Apache Struts ClassLoader Manipulation Incomplete Fix Security Bypass Vulnerability
| [67013] Apache Zookeeper CVE-2014-0085 Local Information Disclosure Vulnerability
| [66998] Apache Archiva CVE-2013-2187 Unspecified Cross Site Scripting Vulnerability
| [66991] Apache Archiva CVE-2013-2187 HTML Injection Vulnerability
| [66927] Apache Syncope CVE-2014-0111 Remote Code Execution Vulnerability
| [66474] Apache CouchDB Universally Unique IDentifier (UUID) Remote Denial of Service Vulnerability
| [66397] Apache Xalan-Java Library CVE-2014-0107 Security Bypass Vulnerability
| [66303] Apache HTTP Server Multiple Denial of Service Vulnerabilities
| [66041] RETIRED: Apache Struts CVE-2014-0094 Classloader Manipulation Security Bypass Vulnerability
| [65999] Apache Struts ClassLoader Manipulation CVE-2014-0094 Security Bypass Vulnerability
| [65967] Apache Cordova File-Transfer Unspecified Security Vulnerability
| [65959] Apache Cordova InAppBrowser Remote Privilege Escalation Vulnerability
| [65935] Apache Shiro 'login.jsp' Authentication Bypass Vulnerability
| [65902] Apache Camel CVE-2014-0003 Remote Code Execution Vulnerability
| [65901] Apache Camel CVE-2014-0002 XML External Entity Information Disclosure Vulnerability
| [65773] Apache Tomcat CVE-2013-4286 Security Bypass Vulnerability
| [65769] Apache Tomcat CVE-2014-0033 Session Fixation Vulnerability
| [65768] Apache Tomcat CVE-2013-4590 XML External Entity Information Disclosure Vulnerability
| [65767] Apache Tomcat CVE-2013-4322 Incomplete Fix Denial of Service Vulnerability
| [65615] Apache ActiveMQ 'refresh' Parameter Cross Site Scripting Vulnerability
| [65434] Apache Subversion 'mod_dav_svn' Module SVNListParentPath Denial of Service Vulnerability
| [65431] Apache Wicket CVE-2013-2055 Information Disclosure Vulnerability
| [65400] Apache Commons FileUpload CVE-2014-0050 Denial Of Service Vulnerability
| [64782] Apache CloudStack Virtual Router Component Security Bypass Vulnerability
| [64780] Apache CloudStack Unauthorized Access Vulnerability
| [64617] Apache Libcloud Digital Ocean API Local Information Disclosure Vulnerability
| [64437] Apache Santuario XML Security For JAVA XML Signature Denial of Service Vulnerability
| [64427] Apache Solr Multiple XML External Entity Injection Vulnerabilities
| [64009] Apache Solr CVE-2013-6408 XML External Entity Injection Vulnerability
| [64008] Apache Solr CVE-2013-6407 XML External Entity Injection Vulnerability
| [63981] Apache Subversion 'mod_dav_svn' Module Denial of Service Vulnerability
| [63966] Apache Subversion CVE-2013-4505 Security Bypass Vulnerability
| [63963] Apache Roller CVE-2013-4171 Cross Site Scripting Vulnerability
| [63935] Apache Solr 'SolrResourceLoader' Directory Traversal Vulnerability
| [63928] Apache Roller CVE-2013-4212 OGNL Expression Injection Remote Code Execution Vulnerability
| [63515] Apache Tomcat Manager Component CVE-2013-6357 Cross Site Request Forgery Vulnerability
| [63403] Apache Struts Multiple Cross Site Scripting Vulnerabilities
| [63400] Apache 'mod_pagespeed' Module Unspecified Cross Site Scripting Vulnerability
| [63260] Apache Shindig CVE-2013-4295 XML External Entity Information Disclosure Vulnerability
| [63241] Apache Sling 'AbstractAuthenticationFormServlet' Open Redirection Vulnerability
| [63174] Apache Commons FileUpload 'DiskFileItem' Class Null Byte Arbitrary File Write Vulnerability
| [62939] Apache 'mod_fcgid' Module CVE-2013-4365 Heap Buffer Overflow Vulnerability
| [62903] Apache Sling 'deepGetOrCreateNode()' Function Denial Of Service Vulnerability
| [62706] Apache Camel CVE-2013-4330 Information Disclosure Vulnerability
| [62677] Apache 'mod_accounting' Module CVE-2013-5697 SQL Injection Vulnerability
| [62674] TYPO3 Apache Solr Unspecified Cross Site Scripting and PHP Code Execution Vulnerabilities
| [62587] Apache Struts CVE-2013-4316 Remote Code Execution Vulnerability
| [62584] Apache Struts CVE-2013-4310 Security Bypass Vulnerability
| [62266] Apache Subversion CVE-2013-4277 Insecure Temporary File Creation Vulnerability
| [61984] Apache Hadoop RPC Authentication CVE-2013-2192 Man in the Middle Security Bypass Vulnerability
| [61981] Apache HBase RPC Authentication Man In The Middle Security Bypass Vulnerability
| [61638] Apache CloudStack CVE-2013-2136 Multiple Cross Site Scripting Vulnerabilities
| [61454] Apache Subversion CVE-2013-4131 Denial Of Service Vulnerability
| [61379] Apache HTTP Server CVE-2013-2249 Unspecified Remote Security Vulnerability
| [61370] Apache OFBiz CVE-2013-2317 'View Log' Cross Site Scripting Vulnerability
| [61369] Apache OFBiz Nested Expression Remote Code Execution Vulnerability
| [61196] Apache Struts CVE-2013-2248 Multiple Open Redirection Vulnerabilities
| [61189] Apache Struts CVE-2013-2251 Multiple Remote Command Execution Vulnerabilities
| [61129] Apache HTTP Server CVE-2013-1896 Remote Denial of Service Vulnerability
| [61030] Apache CXF CVE-2013-2160 Multiple Remote Denial of Service Vulnerabilities
| [60875] Apache Geronimo RMI Classloader Security Bypass Vulnerability
| [60846] Apache Santuario XML Security for JAVA XML Signature CVE-2013-2172 Security Bypass Vulnerability
| [60817] Apache Santuario XML Security for C++ CVE-2013-2210 Heap Buffer Overflow Vulnerability
| [60800] Apache Qpid Python Client SSL Certificate Verification Information Disclosure Vulnerability
| [60599] Apache Santuario XML Security for C++ CVE-2013-2156 Remote Heap Buffer Overflow Vulnerability
| [60595] Apache Santuario XML Security for C++ XML Signature CVE-2013-2155 Denial of Service Vulnerability
| [60594] Apache Santuario XML Security for C++ CVE-2013-2154 Stack Buffer Overflow Vulnerability
| [60592] Apache Santuario XML Security for C++ XML Signature CVE-2013-2153 Security Bypass Vulnerability
| [60534] Apache OpenJPA Object Deserialization Arbitrary File Creation or Overwrite Vulnerability
| [60346] Apache Struts CVE-2013-2134 OGNL Expression Injection Vulnerability
| [60345] Apache Struts CVE-2013-2135 OGNL Expression Injection Vulnerability
| [60267] Apache Subversion CVE-2013-1968 Remote Denial of Service Vulnerability
| [60265] Apache Subversion CVE-2013-2088 Command Injection Vulnerability
| [60264] Apache Subversion CVE-2013-2112 Remote Denial of Service Vulnerability
| [60187] Apache Tomcat DIGEST Authentication CVE-2013-2051 Incomplete Fix Security Weakness
| [60186] Apache Tomcat CVE-2013-1976 Insecure Temporary File Handling Vulnerability
| [60167] Apache Struts 'includeParams' CVE-2013-2115 Incomplete Fix Security Bypass Vulnerability
| [60166] Apache Struts 'includeParams' CVE-2013-1966 Security Bypass Vulnerability
| [60082] Apache Struts 'ParameterInterceptor' Class OGNL CVE-2013-1965 Security Bypass Vulnerability
| [59826] Apache HTTP Server Terminal Escape Sequence in Logs Command Injection Vulnerability
| [59799] Apache Tomcat CVE-2013-2067 Session Fixation Vulnerability
| [59798] Apache Tomcat CVE-2013-2071 Information Disclosure Vulnerability
| [59797] Apache Tomcat CVE-2012-3544 Denial of Service Vulnerability
| [59670] Apache VCL Multiple Input Validation Vulnerabilities
| [59464] Apache CloudStack CVE-2013-2758 Hash Information Disclosure Vulnerability
| [59463] Apache CloudStack CVE-2013-2756 Authentication Bypass Vulnerability
| [59402] Apache ActiveMQ CVE-2013-3060 Information Disclosure and Denial of Service Vulnerability
| [59401] Apache ActiveMQ CVE-2012-6551 Denial of Service Vulnerability
| [59400] Apache ActiveMQ CVE-2012-6092 Multiple Cross Site Scripting Vulnerabilities
| [58898] Apache Subversion CVE-2013-1884 Remote Denial of Service Vulnerability
| [58897] Apache Subversion 'mod_dav_svn/lock.c' Remote Denial of Service Vulnerability
| [58895] Apache Subversion 'mod_dav_svn' Remote Denial of Service Vulnerability
| [58455] Apache Rave User RPC API CVE-2013-1814 Information Disclosure Vulnerability
| [58379] Apache Qpid CVE-2012-4446 Authentication Bypass Vulnerability
| [58378] Apache Qpid CVE-2012-4460 Denial of Service Vulnerability
| [58376] Apache Qpid CVE-2012-4458 Denial of Service Vulnerability
| [58337] Apache Qpid CVE-2012-4459 Denial of Service Vulnerability
| [58326] Apache Commons FileUpload CVE-2013-0248 Insecure Temporary File Creation Vulnerability
| [58325] Debian Apache HTTP Server CVE-2013-1048 Symlink Attack Local Privilege Escalation Vulnerability
| [58323] Apache Subversion 'svn_fs_file_length()' Remote Denial of Service Vulnerability
| [58165] Apache HTTP Server Multiple Cross Site Scripting Vulnerabilities
| [58136] Apache Maven CVE-2013-0253 SSL Certificate Validation Security Bypass Vulnerability
| [58124] Apache Tomcat 'log/logdir' Directory Insecure File Permissions Vulnerability
| [58073] Apache Commons HttpClient CVE-2012-5783 SSL Certificate Validation Security Bypass Vulnerability
| [57876] Apache CXF WS-SecurityPolicy Authentication Bypass Vulnerability
| [57874] Apache CXF CVE-2012-5633 Security Bypass Vulnerability
| [57463] Apache OFBiz CVE-2013-0177 Multiple Cross Site Scripting Vulnerabilities
| [57425] Apache CXF CVE-2012-5786 SSL Certificate Validation Security Bypass Vulnerability
| [57321] Apache CouchDB CVE-2012-5650 Cross Site Scripting Vulnerability
| [57314] Apache CouchDB CVE-2012-5649 Remote Code Execution Vulnerability
| [57267] Apache Axis2/C SSL Certificate Validation Security Bypass Vulnerability
| [57259] Apache CloudStack CVE-2012-5616 Local Information Disclosure Vulnerability
| [56814] Apache Tomcat CVE-2012-4431 Cross-Site Request Forgery Vulnerability
| [56813] Apache Tomcat CVE-2012-4534 Denial of Service Vulnerability
| [56812] Apache Tomcat CVE-2012-3546 Security Bypass Vulnerability
| [56753] Apache Apache HTTP Server 'mod_proxy_ajp Module Denial Of Service Vulnerability
| [56686] Apache Tomcat CVE-2012-5568 Denial of Service Vulnerability
| [56408] Apache Axis and Axis2/Java SSL Certificate Validation Security Bypass Vulnerability
| [56403] Apache Tomcat DIGEST Authentication Multiple Security Weaknesses
| [56402] Apache Tomcat CVE-2012-2733 Denial of Service Vulnerability
| [56171] Apache OFBiz CVE-2012-3506 Unspecified Security Vulnerability
| [55876] Apache CloudStack CVE-2012-4501 Security Bypass Vulnerability
| [55628] Apache CXF SOAP Action Spoofing Security Bypass Vulnerability
| [55608] Apache Qpid (qpidd) Denial of Service Vulnerability
| [55536] Apache 'mod_pagespeed' Module Cross Site Scripting and Security Bypass Vulnerabilities
| [55508] Apache Axis2 XML Signature Wrapping Security Vulnerability
| [55445] Apache Wicket CVE-2012-3373 Cross Site Scripting Vulnerability
| [55346] Apache Struts Cross Site Request Forgery and Denial of Service Vulnerabilities
| [55290] Drupal Apache Solr Autocomplete Module Cross Site Scripting Vulnerability
| [55165] Apache Struts2 Skill Name Remote Code Execution Vulnerability
| [55154] Apache 'mod-rpaf' Module Denial of Service Vulnerability
| [55131] Apache HTTP Server HTML-Injection And Information Disclosure Vulnerabilities
| [54954] Apache QPID NullAuthenticator Authentication Bypass Vulnerability
| [54798] Apache Libcloud Man In The Middle Vulnerability
| [54358] Apache Hadoop CVE-2012-3376 Information Disclosure Vulnerability
| [54341] Apache Sling CVE-2012-2138 Denial Of Service Vulnerability
| [54268] Apache Hadoop Symlink Attack Local Privilege Escalation Vulnerability
| [54189] Apache Roller Cross Site Request Forgery Vulnerability
| [54187] Apache Roller CVE-2012-2381 Cross Site Scripting Vulnerability
| [53880] Apache CXF Child Policies Security Bypass Vulnerability
| [53877] Apache CXF Elements Validation Security Bypass Vulnerability
| [53676] Apache Commons Compress and Apache Ant CVE-2012-2098 Denial Of Service Vulnerability
| [53487] Apache POI CVE-2012-0213 Denial Of Service Vulnerability
| [53455] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability
| [53305] Apache Qpid CVE-2011-3620 Unauthorized Access Security Bypass Vulnerability
| [53046] Apache HTTP Server 'LD_LIBRARY_PATH' Insecure Library Loading Arbitrary Code Execution Vulnerability
| [53025] Apache OFBiz Unspecified Remote Code Execution Vulnerability
| [53023] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
| [52939] Apache Hadoop CVE-2012-1574 Unspecified User Impersonation Vulnerability
| [52702] Apache Struts2 'XSLTResult.java' Remote Arbitrary File Upload Vulnerability
| [52696] Apache Traffic Server HTTP Host Header Handling Heap Based Buffer Overflow Vulnerability
| [52680] Apache Wicket 'pageMapName' Parameter Cross Site Scripting Vulnerability
| [52679] Apache Wicket Hidden Files Information Disclosure Vulnerability
| [52565] Apache 'mod_fcgid' Module Denial Of Service Vulnerability
| [52146] TYPO3 Apache Solr Extension Unspecified Cross Site Scripting Vulnerability
| [51939] Apache MyFaces 'ln' Parameter Information Disclosure Vulnerability
| [51917] Apache APR Hash Collision Denial Of Service Vulnerability
| [51902] Apache Struts Multiple HTML Injection Vulnerabilities
| [51900] Apache Struts CVE-2012-1007 Multiple Cross Site Scripting Vulnerabilities
| [51886] Apache CXF UsernameToken Policy Validation Security Bypass Vulnerability
| [51869] Apache HTTP Server CVE-2011-3639 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
| [51706] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
| [51705] Apache HTTP Server CVE-2012-0021 mod_log_config Denial Of Service Vulnerability
| [51628] Apache Struts 'ParameterInterceptor' Class OGNL (CVE-2011-3923) Security Bypass Vulnerability
| [51447] Apache Tomcat Parameter Handling Denial of Service Vulnerability
| [51442] Apache Tomcat Request Object Security Bypass Vulnerability
| [51407] Apache HTTP Server Scoreboard Local Security Bypass Vulnerability
| [51257] Apache Struts Remote Command Execution and Arbitrary File Overwrite Vulnerabilities
| [51238] Apache Geronimo Hash Collision Denial Of Service Vulnerability
| [51200] Apache Tomcat Hash Collision Denial Of Service Vulnerability
| [50940] Apache Struts Session Tampering Security Bypass Vulnerability
| [50912] RETIRED: Apache MyFaces CVE-2011-4343 Information Disclosure Vulnerability
| [50904] Apache ActiveMQ Failover Mechanism Remote Denial Of Service Vulnerability
| [50848] Apache MyFaces EL Expression Evaluation Security Bypass Vulnerability
| [50802] Apache HTTP Server 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
| [50639] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
| [50603] Apache Tomcat Manager Application Security Bypass Vulnerability
| [50494] Apache HTTP Server 'ap_pregsub()' Function Local Privilege Escalation Vulnerability
| [49957] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
| [49762] Apache Tomcat HTTP DIGEST Authentication Multiple Security Weaknesses
| [49728] Apache Struts Conversion Error OGNL Expression Evaluation Vulnerability
| [49616] Apache HTTP Server CVE-2011-3348 Denial Of Service Vulnerability
| [49470] Apache Tomcat CVE-2007-6286 Duplicate Request Processing Security Vulnerability
| [49353] Apache Tomcat AJP Protocol Security Bypass Vulnerability
| [49303] Apache HTTP Server CVE-2011-3192 Denial Of Service Vulnerability
| [49290] Apache Wicket Cross Site Scripting Vulnerability
| [49147] Apache Tomcat CVE-2011-2481 Information Disclosure Vulnerability
| [49143] Apache Commons Daemon 'jsvc' Information Disclosure Vulnerability
| [48667] Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability
| [48653] Apache 'mod_authnz_external' Module SQL Injection Vulnerability
| [48611] Apache XML Security for C++ Signature Key Parsing Denial of Service Vulnerability
| [48456] Apache Tomcat 'MemoryUserDatabase' Information Disclosure Vulnerability
| [48015] Apache Archiva Multiple Cross Site Request Forgery Vulnerabilities
| [48011] Apache Archiva Multiple Cross Site Scripting and HTML Injection Vulnerabilities
| [47929] Apache APR 'apr_fnmatch.c' Denial of Service Vulnerability
| [47890] Apache Struts 'javatemplates' Plugin Multiple Cross Site Scripting Vulnerabilities
| [47886] Apache Tomcat SecurityConstraints Security Bypass Vulnerability
| [47820] Apache APR 'apr_fnmatch()' Denial of Service Vulnerability
| [47784] Apache Struts XWork 's:submit' HTML Tag Cross Site Scripting Vulnerability
| [47199] Apache Tomcat HTTP BIO Connector Information Disclosure Vulnerability
| [47196] Apache Tomcat Login Constraints Security Bypass Vulnerability
| [46974] Apache HttpComponents 'HttpClient' Information Disclosure Vulnerability
| [46953] Apache MPM-ITK Module Security Weakness
| [46734] Subversion 'mod_dav_svn' Apache Server NULL Pointer Dereference Denial Of Service Vulnerability
| [46685] Apache Tomcat '@ServletSecurity' Annotations Security Bypass Vulnerability
| [46311] Apache Continuum and Archiva Cross Site Scripting Vulnerability
| [46177] Apache Tomcat SecurityManager Security Bypass Vulnerability
| [46174] Apache Tomcat HTML Manager Interface HTML Injection Vulnerability
| [46166] Apache Tomcat JVM Denial of Service Vulnerability
| [46164] Apache Tomcat NIO Connector Denial of Service Vulnerability
| [46066] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
| [45655] Apache Subversion Server Component Multiple Remote Denial Of Service Vulnerabilities
| [45123] Awstats Apache Tomcat Configuration File Remote Arbitrary Command Execution Vulnerability
| [45095] Apache Archiva Cross Site Request Forgery Vulnerability
| [45015] Apache Tomcat 'sort' and 'orderBy' Parameters Cross Site Scripting Vulnerabilities
| [44900] Apache 'mod_fcgid' Module Unspecified Stack Buffer Overflow Vulnerability
| [44616] Apache Shiro Directory Traversal Vulnerability
| [44355] Apache MyFaces Encrypted View State Oracle Padding Security Vulnerability
| [44068] Apache::AuthenHook Local Information Disclosure Vulnerability
| [43862] Apache QPID SSL Connection Denial of Service Vulnerability
| [43673] Apache APR-util 'apr_brigade_split_line()' Denial of Service Vulnerability
| [43637] Apache XML-RPC SAX Parser Information Disclosure Vulnerability
| [43111] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
| [42637] Apache Derby 'BUILTIN' Authentication Insecure Password Hashing Vulnerability
| [42501] Apache CouchDB Cross Site Request Forgery Vulnerability
| [42492] Apache CXF XML DTD Processing Security Vulnerability
| [42121] Apache SLMS Insufficient Quoting Cross Site Request Forgery Vulnerability
| [42102] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
| [41963] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
| [41544] Apache Tomcat 'Transfer-Encoding' Information Disclosure and Denial Of Service Vulnerabilities
| [41076] Apache Axis2 '/axis2/axis2-admin' Session Fixation Vulnerability
| [40976] Apache Axis2 Document Type Declaration Processing Security Vulnerability
| [40827] Apache 'mod_proxy_http' Timeout Handling Information Disclosure Vulnerability
| [40343] Apache Axis2 'xsd' Parameter Directory Traversal Vulnerability
| [40327] Apache Axis2 'engagingglobally' Cross-Site Scripting Vulnerability
| [39771] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
| [39636] Apache ActiveMQ Source Code Information Disclosure Vulnerability
| [39635] Apache Tomcat Authentication Header Realm Name Information Disclosure Vulnerability
| [39538] Apache mod_auth_shadow Race Condition Security Bypass Vulnerability
| [39489] Apache OFBiz Multiple Cross Site Scripting and HTML Injection Vulnerabilities
| [39119] Apache ActiveMQ 'createDestination.action' HTML Injection Vulnerability
| [38580] Apache Subrequest Handling Information Disclosure Vulnerability
| [38494] Apache 'mod_isapi' Memory Corruption Vulnerability
| [38491] Apache mod_proxy_ajp Module Incoming Request Body Denial Of Service Vulnerability
| [37966] Apache 1.3 mod_proxy HTTP Chunked Encoding Integer Overflow Vulnerability
| [37945] Apache Tomcat Host Working Directory WAR File Directory Traversal Vulnerability
| [37944] Apache Tomcat WAR File Directory Traversal Vulnerability
| [37942] Apache Tomcat Directory Host Appbase Authentication Bypass Vulnerability
| [37149] Apache Tomcat 404 Error Page Cross Site Scripting Vulnerability
| [37027] RETIRED: Apache APR 'apr_uri_parse_hostinfo' Off By One Remote Code Execution Vulnerability
| [36990] Apache HTTP TRACE Cross Site Scripting Vulnerability
| [36954] Apache Tomcat Windows Installer Insecure Password Vulnerability
10457| [36889] TYPO3 Apache Solr Search Extension Unspecified Cross Site Scripting Vulnerability
10458| [36596] Apache HTTP Server Solaris Event Port Pollset Support Remote Denial Of Service Vulnerability
10459| [36260] Apache mod_proxy_ftp Module NULL Pointer Dereference Denial Of Service Vulnerability
10460| [36254] Apache mod_proxy_ftp Remote Command Injection Vulnerability
10461| [35949] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
10462| [35840] Apache HTTP Server HTTP-Basic Authentication Bypass Vulnerability
10463| [35623] Apache 'mod_deflate' Remote Denial Of Service Vulnerability
10464| [35565] Apache 'mod_proxy' Remote Denial Of Service Vulnerability
10465| [35416] Apache Tomcat XML Parser Information Disclosure Vulnerability
10466| [35263] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
10467| [35253] Apache APR-util 'xml/apr_xml.c' Denial of Service Vulnerability
10468| [35251] Apache APR-util 'apr_brigade_vprintf' Off By One Vulnerability
10469| [35221] Apache APR-util 'apr_strmatch_precompile()' Integer Underflow Vulnerability
10470| [35196] Apache Tomcat Form Authentication Existing/Non-Existing Username Enumeration Weakness
10471| [35193] Apache Tomcat Java AJP Connector Invalid Header Denial of Service Vulnerability
10472| [35115] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
10473| [34686] Apache Struts Multiple Cross Site Scripting Vulnerabilities
10474| [34663] Apache 'mod_proxy_ajp' Information Disclosure Vulnerability
10475| [34657] Apache Tiles Cross Site Scripting And Information Disclosure Vulnerabilities
10476| [34562] Apache Geronimo Application Server Multiple Remote Vulnerabilities
10477| [34552] Apache ActiveMQ Web Console Multiple Unspecified HTML Injection Vulnerabilities
10478| [34412] Apache Tomcat mod_jk Content Length Information Disclosure Vulnerability
10479| [34399] Apache Struts Unspecified Cross Site Scripting Vulnerability
10480| [34383] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
10481| [33913] Apache Tomcat POST Data Information Disclosure Vulnerability
10482| [33360] Apache Jackrabbit 'q' Parameter Multiple Cross Site Scripting Vulnerabilities
10483| [33110] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
10484| [32657] Novell NetWare ApacheAdmin Security Bypass Vulnerability
10485| [31805] Apache HTTP Server OS Fingerprinting Unspecified Security Vulnerability
10486| [31761] Oracle WebLogic Server Apache Connector Stack Based Buffer Overflow Vulnerability
10487| [31698] Apache Tomcat 'RemoteFilterValve' Security Bypass Vulnerability
10488| [31165] Kolab Groupware Server Apache Log File User Password Information Disclosure Vulnerability
10489| [30560] Apache 'mod_proxy_ftp' Wildcard Characters Cross-Site Scripting Vulnerability
10490| [30496] Apache Tomcat 'HttpServletResponse.sendError()' Cross Site Scripting Vulnerability
10491| [30494] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
10492| [29653] Apache 'mod_proxy_http' Interim Response Denial of Service Vulnerability
10493| [29502] Apache Tomcat Host Manager Cross Site Scripting Vulnerability
10494| [28576] Apache-SSL Environment Variable Information Disclosure and Privilege Escalation Vulnerability
10495| [28484] Apache Tomcat Requests Containing MS-DOS Device Names Information Disclosure Vulnerability
10496| [28483] Apache Tomcat 'allowLinking' Accepts NULL Byte in URI Information Disclosure Vulnerability
10497| [28482] Apache Tomcat SSL Anonymous Cipher Configuration Information Disclosure Vulnerability
10498| [28481] Apache Tomcat Cross-Site Scripting Vulnerability
10499| [28477] Apache Tomcat AJP Connector Information Disclosure Vulnerability
10500| [27752] Apache mod_jk2 Host Header Multiple Stack Based Buffer Overflow Vulnerabilities
10501| [27706] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
10502| [27703] Apache Tomcat Parameter Processing Remote Information Disclosure Vulnerability
10503| [27409] Apache 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
10504| [27365] Apache Tomcat SingleSignOn Remote Information Disclosure Vulnerability
10505| [27237] Apache HTTP Server 2.2.6, 2.0.61 and 1.3.39 'mod_status' Cross-Site Scripting Vulnerability
10506| [27236] Apache 'mod_proxy_balancer' Multiple Vulnerabilities
10507| [27234] Apache 'mod_proxy_ftp' Undefined Charset UTF-7 Cross-Site Scripting Vulnerability
| [27006] Apache Tomcat JULI Logging Component Default Security Policy Vulnerability
| [26939] Apache HTTP Server Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
| [26838] Apache mod_imagemap and mod_imap Cross-Site Scripting Vulnerability
| [26762] Apache::AuthCAS Cookie SQL Injection Vulnerability
| [26663] Apache HTTP Server 413 Error HTTP Request Method Cross-Site Scripting Weakness
| [26287] Apache Geronimo SQLLoginModule Authentication Bypass Vulnerability
| [26070] Apache Tomcat WebDav Remote Information Disclosure Vulnerability
| [25804] Apache Geronimo Management EJB Security Bypass Vulnerability
| [25653] Apache Mod_AutoIndex.C Undefined Charset Cross-Site Scripting Vulnerability
| [25531] Apache Tomcat Cal2.JSP Cross-Site Scripting Vulnerability
| [25489] Apache HTTP Server Mod_Proxy Denial of Service Vulnerability
| [25316] Apache Tomcat Multiple Remote Information Disclosure Vulnerabilities
| [25314] Apache Tomcat Host Manager Servlet Cross Site Scripting Vulnerability
| [25174] Apache Tomcat Error Message Reporting Cross Site Scripting Vulnerability
| [24999] Apache Tomcat SendMailServlet Cross-Site Scripting Vulnerability
| [24759] MySQLDumper Apache Access Control Authentication Bypass Vulnerability
| [24649] Apache HTTP Server Mod_Cache Denial of Service Vulnerability
| [24645] Apache HTTP Server Mod_Status Cross-Site Scripting Vulnerability
| [24553] Apache Mod_Mem_Cache Information Disclosure Vulnerability
| [24524] Apache Tomcat Accept-Language Cross Site Scripting Vulnerability
| [24480] Apache MyFaces Tomahawk JSF Framework Autoscroll Parameter Cross Site Scripting Vulnerability
| [24476] Apache Tomcat JSP Example Web Applications Cross Site Scripting Vulnerability
| [24475] Apache Tomcat Manager and Host Manager Upload Script Cross-Site Scripting Vulnerability
| [24215] Apache HTTP Server Worker Process Multiple Denial of Service Vulnerabilities
| [24147] Apache Tomcat JK Connector Double Encoding Security Bypass Vulnerability
| [24058] Apache Tomcat Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
| [23687] Apache AXIS Non-Existent WSDL Path Information Disclosure Vulnerability
| [23438] Apache HTTPD suEXEC Local Multiple Privilege Escalation Weaknesses
| [22960] Apache HTTP Server Tomcat Directory Traversal Vulnerability
| [22849] Apache mod_python Output Filter Mode Information Disclosure Vulnerability
| [22791] Apache Tomcat Mod_JK.SO Arbitrary Code Execution Vulnerability
| [22732] Debian Apache Root Shell Local Privilege Escalation Vulnerabilities
| [22388] Apache Stats Extract Function Multiple Input Validation Vulnerabilities
| [21865] Apache And Microsoft IIS Range Denial of Service Vulnerability
| [21214] Apache Mod_Auth_Kerb Off-By-One Denial of Service Vulnerability
| [20527] Apache Mod_TCL Remote Format String Vulnerability
| [19661] Apache HTTP Server Arbitrary HTTP Request Headers Security Weakness
| [19447] Apache CGI Script Source Code Information Disclosure Vulnerability
| [19204] Apache Mod_Rewrite Off-By-One Buffer Overflow Vulnerability
| [19106] Apache Tomcat Information Disclosure Vulnerability
| [18138] Apache James SMTP Denial Of Service Vulnerability
| [17342] Apache Struts Multiple Remote Vulnerabilities
| [17095] Apache Log4Net Denial Of Service Vulnerability
| [16916] Apache mod_python FileSession Code Execution Vulnerability
| [16710] Apache Libapreq2 Quadratic Behavior Denial of Service Vulnerability
| [16260] Apache Geronimo Multiple Input Validation Vulnerabilities
| [16153] Apache mod_auth_pgsql Multiple Format String Vulnerabilities
| [16152] Apache Mod_SSL Custom Error Document Remote Denial Of Service Vulnerability
| [15834] Apache 'mod_imap' Referer Cross-Site Scripting Vulnerability
| [15765] Apache James Spooler Memory Leak Denial Of Service Vulnerability
| [15762] Apache MPM Worker.C Denial Of Service Vulnerability
| [15512] Apache Struts Error Response Cross-Site Scripting Vulnerability
| [15413] PHP Apache 2 Virtual() Safe_Mode and Open_Basedir Restriction Bypass Vulnerability
| [15325] Apache Tomcat Simultaneous Directory Listing Denial Of Service Vulnerability
| [15224] Apache Mod_Auth_Shadow Authentication Bypass Vulnerability
| [15177] PHP Apache 2 Local Denial of Service Vulnerability
| [14982] ApacheTop Insecure Temporary File Creation Vulnerability
| [14721] Apache Mod_SSL SSLVerifyClient Restriction Bypass Vulnerability
| [14660] Apache CGI Byterange Request Denial of Service Vulnerability
| [14366] Apache mod_ssl CRL Handling Off-By-One Buffer Overflow Vulnerability
| [14106] Apache HTTP Request Smuggling Vulnerability
| [13778] Apache HTPasswd Password Command Line Argument Buffer Overflow Vulnerability
| [13777] Apache HTPasswd User Command Line Argument Buffer Overflow Vulnerability
| [13756] Apache Tomcat Java Security Manager Bypass Vulnerability
| [13537] Apache HTDigest Realm Command Line Argument Buffer Overflow Vulnerability
| [12877] Apache mod_ssl ssl_io_filter_cleanup Remote Denial Of Service Vulnerability
| [12795] Apache Tomcat Remote Malformed Request Denial Of Service Vulnerability
| [12619] Apache Software Foundation Batik Squiggle Browser Access Validation Vulnerability
| [12519] Apache mod_python Module Publisher Handler Information Disclosure Vulnerability
| [12308] Apache Utilities Insecure Temporary File Creation Vulnerability
| [12217] Apache mod_auth_radius Malformed RADIUS Server Reply Integer Overflow Vulnerability
| [12181] Mod_DOSEvasive Apache Module Local Insecure Temporary File Creation Vulnerability
| [11803] Apache Jakarta Results.JSP Remote Cross-Site Scripting Vulnerability
| [11471] Apache mod_include Local Buffer Overflow Vulnerability
| [11360] Apache mod_ssl SSLCipherSuite Restriction Bypass Vulnerability
| [11239] Apache Satisfy Directive Access Control Bypass Vulnerability
| [11187] Apache Web Server Remote IPv6 Buffer Overflow Vulnerability
| [11185] Apache Mod_DAV LOCK Denial Of Service Vulnerability
| [11182] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
| [11154] Apache mod_ssl Remote Denial of Service Vulnerability
| [11094] Apache mod_ssl Denial Of Service Vulnerability
| [10789] Apache mod_userdir Module Information Disclosure Vulnerability
| [10736] Apache 'mod_ssl' Log Function Format String Vulnerability
| [10619] Apache ap_escape_html Memory Allocation Denial Of Service Vulnerability
| [10508] Apache Mod_Proxy Remote Negative Content-Length Buffer Overflow Vulnerability
| [10478] ClueCentral Apache Suexec Patch Security Weakness
| [10355] Apache 'mod_ssl' 'ssl_util_uuencode_binary()' Stack Buffer Overflow Vulnerability
| [10212] Apache mod_auth Malformed Password Potential Memory Corruption Vulnerability
| [9933] Apache mod_disk_cache Module Client Authentication Credential Storage Weakness
| [9930] Apache Error and Access Logs Escape Sequence Injection Vulnerability
| [9921] Apache Connection Blocking Denial Of Service Vulnerability
| [9885] Apache Mod_Security Module SecFilterScanPost Off-By-One Buffer Overflow Vulnerability
| [9874] Apache HTAccess LIMIT Directive Bypass Configuration Error Weakness
| [9829] Apache Mod_Access Access Control Rule Bypass Vulnerability
| [9826] Apache Mod_SSL HTTP Request Remote Denial Of Service Vulnerability
| [9733] Apache Cygwin Directory Traversal Vulnerability
| [9599] Apache mod_php Global Variables Information Disclosure Weakness
| [9590] Apache-SSL Client Certificate Forging Vulnerability
| [9571] Apache mod_digest Client-Supplied Nonce Verification Vulnerability
| [9471] Apache mod_perl Module File Descriptor Leakage Vulnerability
| [9404] Mod-Auth-Shadow Apache Module Expired User Credential Weakness
| [9302] Apache mod_php Module File Descriptor Leakage Vulnerability
| [9129] Apache mod_python Module Malformed Query Denial of Service Vulnerability
| [8926] Apache Web Server mod_cgid Module CGI Data Redirection Vulnerability
| [8919] Apache Mod_Security Module Heap Corruption Vulnerability
| [8911] Apache Web Server Multiple Module Local Buffer Overflow Vulnerability
| [8898] Red Hat Apache Directory Index Default Configuration Error
| [8883] Apache Cocoon Directory Traversal Vulnerability
| [8824] Apache Tomcat Non-HTTP Request Denial Of Service Vulnerability
| [8822] Apache Mod_Throttle Module Local Shared Memory Corruption Vulnerability
| [8725] Apache2 MOD_CGI STDERR Denial Of Service Vulnerability
| [8707] Apache htpasswd Password Entropy Weakness
| [8561] Apache::Gallery Insecure Local File Storage Privilege Escalation Vulnerability
| [8287] Mod_Mylo Apache Module REQSTR Buffer Overflow Vulnerability
| [8226] Apache HTTP Server Multiple Vulnerabilities
| [8138] Apache Web Server Type-Map Recursive Loop Denial Of Service Vulnerability
| [8137] Apache Web Server Prefork MPM Denial Of Service Vulnerability
| [8136] Macromedia Apache Web Server Encoded Space Source Disclosure Vulnerability
| [8135] Apache Web Server FTP Proxy IPV6 Denial Of Service Vulnerability
| [8134] Apache Web Server SSLCipherSuite Weak CipherSuite Renegotiation Weakness
| [7768] Apache Tomcat Insecure Directory Permissions Vulnerability
| [7725] Apache Basic Authentication Module Valid User Login Denial Of Service Vulnerability
| [7723] Apache APR_PSPrintf Memory Corruption Vulnerability
| [7448] Apache Mod_Auth_Any Remote Command Execution Vulnerability
| [7375] Apache Mod_Access_Referer NULL Pointer Dereference Denial of Service Vulnerability
| [7332] Apache Web Server OS2 Filestat Denial Of Service Vulnerability
| [7255] Apache Web Server File Descriptor Leakage Vulnerability
| [7254] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
| [6943] Apache Web Server MIME Boundary Information Disclosure Vulnerability
| [6939] Apache Web Server ETag Header Information Disclosure Weakness
| [6722] Apache Tomcat Web.XML File Contents Disclosure Vulnerability
| [6721] Apache Tomcat Null Byte Directory/File Disclosure Vulnerability
| [6720] Apache Tomcat Example Web Application Cross Site Scripting Vulnerability
| [6662] Apache Web Server MS-DOS Device Name Denial Of Service Vulnerability
| [6661] Apache Web Server Default Script Mapping Bypass Vulnerability
| [6660] Apache Web Server Illegal Character HTTP Request File Disclosure Vulnerability
| [6659] Apache Web Server MS-DOS Device Name Arbitrary Code Execution Vulnerability
| [6562] Apache Tomcat Invoker Servlet File Disclosure Vulnerability
| [6320] Apache/Tomcat Mod_JK Chunked Encoding Denial Of Service Vulnerability
| [6117] Apache mod_php File Descriptor Leakage Vulnerability
| [6065] Apache 2 WebDAV CGI POST Request Information Disclosure Vulnerability
| [5996] Apache AB.C Web Benchmarking Buffer Overflow Vulnerability
| [5995] Apache AB.C Web Benchmarking Read_Connection() Buffer Overflow Vulnerability
| [5993] Multiple Apache HTDigest Buffer Overflow Vulnerabilities
| [5992] Apache HTDigest Insecure Temporary File Vulnerability
| [5991] Apache HTDigest Arbitrary Command Execution Vulnerability
| [5990] Apache HTPasswd Insecure Temporary File Vulnerability
| [5981] Multiple Apache HTDigest and HTPassWD Component Vulnerabilites
| [5884] Apache Web Server Scoreboard Memory Segment Overwriting SIGUSR1 Sending Vulnerability
| [5847] Apache Server Side Include Cross Site Scripting Vulnerability
| [5838] Apache Tomcat 3.2 Directory Disclosure Vulnerability
| [5816] Apache 2 mod_dav Denial Of Service Vulnerability
| [5791] HP VirtualVault Apache mod_ssl Denial Of Service Vulnerability
| [5787] Apache Oversized STDERR Buffer Denial Of Service Vulnerability
| [5786] Apache Tomcat DefaultServlet File Disclosure Vulnerability
| [5542] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
| [5486] Apache 2.0 CGI Path Disclosure Vulnerability
| [5485] Apache 2.0 Path Disclosure Vulnerability
| [5434] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
| [5256] Apache httpd 2.0 CGI Error Path Disclosure Vulnerability
| [5194] Apache Tomcat DOS Device Name Cross Site Scripting Vulnerability
| [5193] Apache Tomcat Servlet Mapping Cross Site Scripting Vulnerability
| [5067] Apache Tomcat Null Character Malformed Request Denial Of Service Vulnerability
| [5054] Apache Tomcat Web Root Path Disclosure Vulnerability
| [5033] Apache Chunked-Encoding Memory Corruption Vulnerability
| [4995] Apache Tomcat JSP Engine Denial of Service Vulnerability
| [4878] Apache Tomcat RealPath.JSP Malformed Request Information Disclosure Vulnerability
| [4877] Apache Tomcat Example Files Web Root Path Disclosure Vulnerability
| [4876] Apache Tomcat Source.JSP Malformed Request Information Disclosure Vulnerability
| [4575] Apache Tomcat Servlet Path Disclosure Vulnerability
| [4557] Apache Tomcat System Path Information Disclosure Vulnerability
| [4437] Apache Error Message Cross-Site Scripting Vulnerability
| [4431] Apache PrintEnv/Test_CGI Script Injection Vulnerability
| [4358] Apache Double-Reverse Lookup Log Entry Spoofing Vulnerability
| [4335] Apache Win32 Batch File Remote Command Execution Vulnerability
| [4292] Oracle 9iAS Apache PL/SQL Module Web Administration Access Vulnerability
| [4189] Apache mod_ssl/Apache-SSL Buffer Overflow Vulnerability
| [4057] Apache 2 for Windows OPTIONS request Path Disclosure Vulnerability
| [4056] Apache 2 for Windows php.exe Path Disclosure Vulnerability
| [4037] Oracle 9iAS Apache PL/SQL Module Denial of Service Vulnerability
| [4032] Oracle 9iAS Apache PL/SQL Module Multiple Buffer Overflows Vulnerability
| [3796] Apache HTTP Request Unexpected Behavior Vulnerability
| [3790] Apache Non-Existent Log Directory Denial Of Service Vulnerability
| [3786] Apache Win32 PHP.EXE Remote File Disclosure Vulnerability
| [3727] Oracle 9I Application Server PL/SQL Apache Module Directory Traversal Vulnerability
| [3726] Oracle 9I Application Server PL/SQL Apache Module Buffer Overflow Vulnerability
| [3596] Apache Split-Logfile File Append Vulnerability
| [3521] Apache mod_usertrack Predictable ID Generation Vulnerability
| [3335] Red Hat Linux Apache Remote Username Enumeration Vulnerability
| [3316] MacOS X Client Apache Directory Contents Disclosure Vulnerability
| [3256] Apache mod_auth_oracle Remote SQL Query Manipulation Vulnerability
| [3255] Apache mod_auth_mysql Remote SQL Query Manipulation Vulnerability
| [3254] Apache AuthPG Remote SQL Query Manipulation Vulnerability
| [3253] Apache mod_auth_pgsql_sys Remote SQL Query Manipulation Vulnerability
| [3251] Apache mod_auth_pgsql Remote SQL Query Manipulation Vulnerability
| [3176] Apache Mod ReWrite Rules Bypassing Image Linking Vulnerability
| [3169] Apache Server Address Disclosure Vulnerability
| [3009] Apache Possible Directory Index Disclosure Vulnerability
| [2982] Apache Tomcat Cross-Site Scripting Vulnerability
| [2852] MacOS X Client Apache File Protection Bypass Vulnerability
| [2740] Apache Web Server HTTP Request Denial of Service Vulnerability
| [2518] Apache Tomcat 3.0 Directory Traversal Vulnerability
| [2503] Apache Artificially Long Slash Path Directory Listing Vulnerability
| [2300] NCSA/Apache httpd ScriptAlias Source Retrieval Vulnerability
| [2216] Apache Web Server DoS Vulnerability
| [2182] Apache /tmp File Race Vulnerability
| [2171] Oracle Apache+WebDB Documented Backdoor Vulnerability
| [2060] Apache Web Server with Php 3 File Disclosure Vulnerability
| [1821] Apache mod_cookies Buffer Overflow Vulnerability
| [1728] Apache Rewrite Module Arbitrary File Disclosure Vulnerability
| [1658] SuSE Apache CGI Source Code Viewing Vulnerability
| [1656] SuSE Apache WebDAV Directory Listings Vulnerability
| [1575] Trustix Apache-SSL RPM Permissions Vulnerability
| [1548] Apache Jakarta-Tomcat /admin Context Vulnerability
| [1532] Apache Tomcat Snoop Servlet Information Disclosure Vulnerability
| [1531] Apache Tomcat 3.1 Path Revealing Vulnerability
| [1457] Apache::ASP source.asp Example Script Vulnerability
| [1284] Apache HTTP Server (win32) Root Directory Access Vulnerability
| [1083] Cobalt Raq Apache .htaccess Disclosure Vulnerability
|
| IBM X-Force - https://exchange.xforce.ibmcloud.com:
| [86258] Apache CloudStack text fields cross-site scripting
| [85983] Apache Subversion mod_dav_svn module denial of service
| [85875] Apache OFBiz UEL code execution
| [85874] Apache OFBiz Webtools View Log screen cross-site scripting
| [85871] Apache HTTP Server mod_session_dbd unspecified
| [85756] Apache Struts OGNL expression command execution
| [85755] Apache Struts DefaultActionMapper class open redirect
| [85586] Apache ActiveMQ CVE-2013-1879 cross-site scripting
| [85574] Apache HTTP Server mod_dav denial of service
| [85573] Apache Struts Showcase App OGNL code execution
| [85496] Apache CXF denial of service
| [85423] Apache Geronimo RMI classloader code execution
| [85326] Apache Santuario XML Security for C++ buffer overflow
| [85323] Apache Santuario XML Security for Java spoofing
| [85319] Apache Qpid Python client SSL spoofing
| [85019] Apache Santuario XML Security for C++ CVE-2013-2156 buffer overflow
| [85018] Apache Santuario XML Security for C++ CVE-2013-2155 denial of service
| [85017] Apache Santuario XML Security for C++ CVE-2013-2154 buffer overflow
| [85016] Apache Santuario XML Security for C++ CVE-2013-2153 spoofing
| [84952] Apache Tomcat CVE-2012-3544 denial of service
| [84763] Apache Struts CVE-2013-2135 security bypass
| [84762] Apache Struts CVE-2013-2134 security bypass
| [84719] Apache Subversion CVE-2013-2088 command execution
| [84718] Apache Subversion CVE-2013-2112 denial of service
| [84717] Apache Subversion CVE-2013-1968 denial of service
| [84577] Apache Tomcat security bypass
| [84576] Apache Tomcat symlink
| [84543] Apache Struts CVE-2013-2115 security bypass
| [84542] Apache Struts CVE-2013-1966 security bypass
| [84154] Apache Tomcat session hijacking
| [84144] Apache Tomcat denial of service
| [84143] Apache Tomcat information disclosure
| [84111] Apache HTTP Server command execution
| [84043] Apache Virtual Computing Lab cross-site scripting
| [84042] Apache Virtual Computing Lab cross-site scripting
| [83782] Apache CloudStack information disclosure
| [83781] Apache CloudStack security bypass
| [83720] Apache ActiveMQ cross-site scripting
| [83719] Apache ActiveMQ denial of service
| [83718] Apache ActiveMQ denial of service
| [83263] Apache Subversion denial of service
| [83262] Apache Subversion denial of service
| [83261] Apache Subversion denial of service
| [83259] Apache Subversion denial of service
| [83035] Apache mod_ruid2 security bypass
| [82852] Apache Qpid federation_tag security bypass
| [82851] Apache Qpid qpid::framing::Buffer denial of service
| [82758] Apache Rave User RPC API information disclosure
| [82663] Apache Subversion svn_fs_file_length() denial of service
| [82642] Apache Qpid qpid::framing::Buffer::checkAvailable() denial of service
| [82641] Apache Qpid AMQP denial of service
| [82626] Apache HTTP Server on Debian GNU/Linux Debian apache2ctl symlink
| [82618] Apache Commons FileUpload symlink
| [82360] Apache HTTP Server manager interface cross-site scripting
| [82359] Apache HTTP Server hostnames cross-site scripting
| [82338] Apache Tomcat log/logdir information disclosure
| [82328] Apache Maven and Apache Maven Wagon SSL spoofing
| [82268] Apache OpenJPA deserialization command execution
| [81981] Apache CXF UsernameTokens security bypass
| [81980] Apache CXF WS-Security security bypass
| [81398] Apache OFBiz cross-site scripting
| [81240] Apache CouchDB directory traversal
| [81226] Apache CouchDB JSONP code execution
| [81225] Apache CouchDB Futon user interface cross-site scripting
| [81211] Apache Axis2/C SSL spoofing
| [81167] Apache CloudStack DeployVM information disclosure
| [81166] Apache CloudStack AddHost API information disclosure
| [81165] Apache CloudStack createSSHKeyPair API information disclosure
| [80518] Apache Tomcat cross-site request forgery security bypass
| [80517] Apache Tomcat FormAuthenticator security bypass
| [80516] Apache Tomcat NIO denial of service
| [80408] Apache Tomcat replay-countermeasure security bypass
| [80407] Apache Tomcat HTTP Digest Access Authentication security bypass
| [80317] Apache Tomcat slowloris denial of service
| [79984] Apache Commons HttpClient SSL spoofing
| [79983] Apache CXF SSL spoofing
| [79830] Apache Axis2/Java SSL spoofing
| [79829] Apache Axis SSL spoofing
| [79809] Apache Tomcat DIGEST security bypass
| [79806] Apache Tomcat parseHeaders() denial of service
| [79540] Apache OFBiz unspecified
| [79487] Apache Axis2 SAML security bypass
| [79212] Apache Cloudstack code execution
| [78734] Apache CXF SOAP Action security bypass
| [78730] Apache Qpid broker denial of service
| [78617] Eucalyptus Apache Santuario (XML Security for Java) denial of service
| [78563] Apache mod_pagespeed module unspecified cross-site scripting
| [78562] Apache mod_pagespeed module security bypass
| [78454] Apache Axis2 security bypass
| [78452] Websense Web Security and Web Filter Apache Tomcat information disclosure
| [78451] Websense Web Security and Web Filter Apache Tomcat cross-site scripting
| [78321] Apache Wicket unspecified cross-site scripting
| [78183] Apache Struts parameters denial of service
| [78182] Apache Struts cross-site request forgery
| [78153] Apache Solr Autocomplete module for Drupal autocomplete results cross-site scripting
| [77987] mod_rpaf module for Apache denial of service
| [77958] Apache Struts skill name code execution
| [77914] Apache HTTP Server mod_negotiation module cross-site scripting
| [77913] Apache HTTP Server mod_proxy_ajp information disclosure
| [77568] Apache Qpid broker security bypass
| [77421] Apache Libcloud spoofing
| [77059] Oracle Solaris Cluster Apache Tomcat Agent unspecified
| [77046] Oracle Solaris Apache HTTP Server information disclosure
| [76837] Apache Hadoop information disclosure
| [76802] Apache Sling CopyFrom denial of service
| [76692] Apache Hadoop symlink
| [76535] Apache Roller console cross-site request forgery
| [76534] Apache Roller weblog cross-site scripting
| [76152] Apache CXF elements security bypass
| [76151] Apache CXF child policies security bypass
| [75983] MapServer for Windows Apache file include
| [75857] Apache Commons Compress and Apache Ant bzip2 denial of service
| [75558] Apache POI denial of service
| [75545] PHP apache_request_headers() buffer overflow
| [75302] Apache Qpid SASL security bypass
| [75211] Debian GNU/Linux apache 2 cross-site scripting
| [74901] Apache HTTP Server LD_LIBRARY_PATH privilege escalation
| [74871] Apache OFBiz FlexibleStringExpander code execution
| [74870] Apache OFBiz multiple cross-site scripting
| [74750] Apache Hadoop unspecified spoofing
| [74319] Apache Struts XSLTResult.java file upload
| [74313] Apache Traffic Server header buffer overflow
| [74276] Apache Wicket directory traversal
| [74273] Apache Wicket unspecified cross-site scripting
| [74181] Apache HTTP Server mod_fcgid module denial of service
| [73690] Apache Struts OGNL code execution
| [73432] Apache Solr extension for TYPO3 unspecified cross-site scripting
| [73100] Apache MyFaces in directory traversal
| [73096] Apache APR hash denial of service
| [73052] Apache Struts name cross-site scripting
| [73030] Apache CXF UsernameToken security bypass
| [72888] Apache Struts lastName cross-site scripting
| [72758] Apache HTTP Server httpOnly information disclosure
| [72757] Apache HTTP Server MPM denial of service
| [72585] Apache Struts ParameterInterceptor security bypass
| [72438] Apache Tomcat Digest security bypass
| [72437] Apache Tomcat Digest security bypass
| [72436] Apache Tomcat DIGEST security bypass
| [72425] Apache Tomcat parameter denial of service
| [72422] Apache Tomcat request object information disclosure
| [72377] Apache HTTP Server scoreboard security bypass
| [72345] Apache HTTP Server HTTP request denial of service
| [72229] Apache Struts ExceptionDelegator command execution
| [72089] Apache Struts ParameterInterceptor directory traversal
| [72088] Apache Struts CookieInterceptor command execution
| [72047] Apache Geronimo hash denial of service
| [72016] Apache Tomcat hash denial of service
| [71711] Apache Struts OGNL expression code execution
| [71654] Apache Struts interfaces security bypass
| [71620] Apache ActiveMQ failover denial of service
| [71617] Apache HTTP Server mod_proxy module information disclosure
| [71508] Apache MyFaces EL security bypass
| [71445] Apache HTTP Server mod_proxy security bypass
| [71203] Apache Tomcat servlets privilege escalation
| [71181] Apache HTTP Server ap_pregsub() denial of service
| [71093] Apache HTTP Server ap_pregsub() buffer overflow
| [70336] Apache HTTP Server mod_proxy information disclosure
| [69804] Apache HTTP Server mod_proxy_ajp denial of service
| [69472] Apache Tomcat AJP security bypass
| [69396] Apache HTTP Server ByteRange filter denial of service
| [69394] Apache Wicket multi window support cross-site scripting
| [69176] Apache Tomcat XML information disclosure
| [69161] Apache Tomcat jsvc information disclosure
| [68799] mod_authnz_external module for Apache mysql-auth.pl SQL injection
| [68541] Apache Tomcat sendfile information disclosure
| [68420] Apache XML Security denial of service
| [68238] Apache Tomcat JMX information disclosure
| [67860] Apache Rampart/C rampart_timestamp_token_validate security bypass
| [67804] Apache Subversion control rules information disclosure
| [67803] Apache Subversion control rules denial of service
10899| [67802] Apache Subversion baselined denial of service
10900| [67672] Apache Archiva multiple cross-site scripting
10901| [67671] Apache Archiva multiple cross-site request forgery
10902| [67564] Apache APR apr_fnmatch() denial of service
10903| [67532] IBM WebSphere Application Server org.apache.jasper.runtime.JspWriterImpl.response denial of service
10904| [67515] Apache Tomcat annotations security bypass
10905| [67480] Apache Struts s:submit information disclosure
10906| [67414] Apache APR apr_fnmatch() denial of service
10907| [67356] Apache Struts javatemplates cross-site scripting
10908| [67354] Apache Struts Xwork cross-site scripting
10909| [66676] Apache Tomcat HTTP BIO information disclosure
10910| [66675] Apache Tomcat web.xml security bypass
10911| [66640] Apache HttpComponents HttpClient Proxy-Authorization information disclosure
10912| [66241] Apache HttpComponents information disclosure
10913| [66154] Apache Tomcat ServletSecurity security bypass
10914| [65971] Apache Tomcat ServletSecurity security bypass
10915| [65876] Apache Subversion mod_dav_svn denial of service
10916| [65343] Apache Continuum unspecified cross-site scripting
10917| [65162] Apache Tomcat NIO connector denial of service
10918| [65161] Apache Tomcat javax.servlet.ServletRequest.getLocale() denial of service
10919| [65160] Apache Tomcat HTML Manager interface cross-site scripting
10920| [65159] Apache Tomcat ServletContect security bypass
10921| [65050] Apache CouchDB web-based administration UI cross-site scripting
10922| [64773] Oracle HTTP Server Apache Plugin unauthorized access
10923| [64473] Apache Subversion blame -g denial of service
10924| [64472] Apache Subversion walk() denial of service
10925| [64407] Apache Axis2 CVE-2010-0219 code execution
10926| [63926] Apache Archiva password privilege escalation
10927| [63785] Apache CouchDB LD_LIBRARY_PATH privilege escalation
10928| [63493] Apache Archiva credentials cross-site request forgery
10929| [63477] Apache Tomcat HttpOnly session hijacking
10930| [63422] Apache Tomcat sessionsList.jsp cross-site scripting
10931| [63303] Apache mod_fcgid module fcgid_header_bucket_read() buffer overflow
10932| [62959] Apache Shiro filters security bypass
10933| [62790] Apache Perl cgi module denial of service
10934| [62576] Apache Qpid exchange denial of service
10935| [62575] Apache Qpid AMQP denial of service
10936| [62354] Apache Qpid SSL denial of service
10937| [62235] Apache APR-util apr_brigade_split_line() denial of service
10938| [62181] Apache XML-RPC SAX Parser information disclosure
10939| [61721] Apache Traffic Server cache poisoning
10940| [61202] Apache Derby BUILTIN authentication functionality information disclosure
10941| [61186] Apache CouchDB Futon cross-site request forgery
10942| [61169] Apache CXF DTD denial of service
10943| [61070] Apache Jackrabbit search.jsp SQL injection
10944| [61006] Apache SLMS Quoting cross-site request forgery
10945| [60962] Apache Tomcat time cross-site scripting
10946| [60883] Apache mod_proxy_http information disclosure
10947| [60671] Apache HTTP Server mod_cache and mod_dav denial of service
10948| [60264] Apache Tomcat Transfer-Encoding denial of service
10949| [59746] Apache Axis2 axis2/axis2-admin page session hijacking
10950| [59588] Apache Axis2/Java XML DTD (Document Type Declaration) data denial of service
10951| [59413] Apache mod_proxy_http timeout information disclosure
10952| [59058] Apache MyFaces unencrypted view state cross-site scripting
10953| [58827] Apache Axis2 xsd file include
10954| [58790] Apache Axis2 modules cross-site scripting
10955| [58299] Apache ActiveMQ queueBrowse cross-site scripting
10956| [58169] Apache Tomcat Web Application Manager / Host Manager cross-site request forgery
10957| [58056] Apache ActiveMQ .jsp source code disclosure
10958| [58055] Apache Tomcat realm name information disclosure
10959| [58046] Apache HTTP Server mod_auth_shadow security bypass
10960| [57841] Apache Open For Business Project (OFBiz) subject cross-site scripting
10961| [57840] Apache Open For Business Project (OFBiz) multiple parameters cross-site scripting
10962| [57429] Apache CouchDB algorithms information disclosure
10963| [57398] Apache ActiveMQ Web console cross-site request forgery
10964| [57397] Apache ActiveMQ createDestination.action cross-site scripting
10965| [56653] Apache HTTP Server DNS spoofing
10966| [56652] Apache HTTP Server DNS cross-site scripting
10967| [56625] Apache HTTP Server request header information disclosure
10968| [56624] Apache HTTP Server mod_isapi orphaned callback pointer code execution
10969| [56623] Apache HTTP Server mod_proxy_ajp denial of service
10970| [55941] mod_proxy module for Apache ap_proxy_send_fb() buffer overflow
10971| [55857] Apache Tomcat WAR files directory traversal
10972| [55856] Apache Tomcat autoDeploy attribute security bypass
10973| [55855] Apache Tomcat WAR directory traversal
10974| [55210] Intuit component for Joomla! Apache information disclosure
10975| [54533] Apache Tomcat 404 error page cross-site scripting
10976| [54182] Apache Tomcat admin default password
10977| [53878] Apache Solr Search (solr) extension for TYPO3 unspecified cross-site scripting
10978| [53666] Apache HTTP Server Solaris pollset support denial of service
10979| [53650] Apache HTTP Server HTTP basic-auth module security bypass
10980| [53124] mod_proxy_ftp module for Apache HTTP header security bypass
10981| [53041] mod_proxy_ftp module for Apache denial of service
10982| [52540] Apache Portable Runtime and Apache Portable Utility library multiple buffer overflow
10983| [51953] Apache Tomcat Path Disclosure
10984| [51952] Apache Tomcat Path Traversal
10985| [51951] Apache stronghold-status Information Disclosure
10986| [51950] Apache stronghold-info Information Disclosure
10987| [51949] Apache PHP Source Code Disclosure
10988| [51948] Apache Multiviews Attack
10989| [51946] Apache JServ Environment Status Information Disclosure
10990| [51945] Apache error_log Information Disclosure
10991| [51944] Apache Default Installation Page Pattern Found
10992| [51943] Apache AXIS XML Parser echoheaders.jws Sample Web Service Denial of Service
10993| [51942] Apache AXIS XML External Entity File Retrieval
10994| [51941] Apache AXIS Sample Servlet Information Leak
10995| [51940] Apache access_log Information Disclosure
10996| [51626] Apache mod_deflate denial of service
10997| [51532] mod_proxy module for the Apache HTTP Server stream_reqbody_cl denial of service
10998| [51365] Apache Tomcat RequestDispatcher security bypass
10999| [51273] Apache HTTP Server Incomplete Request denial of service
11000| [51195] Apache Tomcat XML information disclosure
11001| [50994] Apache APR-util xml/apr_xml.c denial of service
11002| [50993] Apache APR-util apr_brigade_vprintf denial of service
11003| [50964] Apache APR-util apr_strmatch_precompile() denial of service
11004| [50930] Apache Tomcat j_security_check information disclosure
11005| [50928] Apache Tomcat AJP denial of service
11006| [50884] Apache HTTP Server XML ENTITY denial of service
11007| [50808] Apache HTTP Server AllowOverride privilege escalation
11008| [50108] Apache Struts s:a tag and s:url tag cross-site scripting
11009| [50059] Apache mod_proxy_ajp information disclosure
11010| [49951] Apache Tiles Expression Language (EL) expressions cross-site scripting
11011| [49925] Apache Geronimo Web Administrative Console cross-site request forgery
11012| [49924] Apache Geronimo console/portal/Server/Monitoring cross-site scripting
11013| [49921] Apache ActiveMQ Web interface cross-site scripting
11014| [49898] Apache Geronimo Services/Repository directory traversal
11015| [49725] Apache Tomcat mod_jk module information disclosure
11016| [49715] Apache mod_perl Apache::Status and Apache2::Status modules cross-site scripting
11017| [49712] Apache Struts unspecified cross-site scripting
11018| [49213] Apache Tomcat cal2.jsp cross-site scripting
11019| [48934] Apache Tomcat POST doRead method information disclosure
11020| [48211] Apache Tomcat header HTTP request smuggling
11021| [48163] libapache2-mod-auth-mysql module for Debian multibyte encoding SQL injection
11022| [48110] Apache Jackrabbit search.jsp and swr.jsp cross-site scripting
11023| [47709] Apache Roller "
11024| [47104] Novell Netware ApacheAdmin console security bypass
11025| [47086] Apache HTTP Server OS fingerprinting unspecified
11026| [46329] Apache Struts FilterDispatcher and DefaultStaticContentLoader class directory traversal
11027| [45791] Apache Tomcat RemoteFilterValve security bypass
11028| [44435] Oracle WebLogic Apache Connector buffer overflow
11029| [44411] Apache Tomcat allowLinking UTF-8 directory traversal
11030| [44223] Apache HTTP Server mod_proxy_ftp cross-site scripting
11031| [44156] Apache Tomcat RequestDispatcher directory traversal
11032| [44155] Apache Tomcat HttpServletResponse.sendError() cross-site scripting
11033| [43885] Oracle WebLogic Server Apache Connector buffer overflow
11034| [42987] Apache HTTP Server mod_proxy module denial of service
11035| [42915] Apache Tomcat JSP files path disclosure
11036| [42914] Apache Tomcat MS-DOS path disclosure
11037| [42892] Apache Tomcat unspecified unauthorized access
11038| [42816] Apache Tomcat Host Manager cross-site scripting
11039| [42303] Apache 403 error cross-site scripting
11040| [41618] Apache-SSL ExpandCert() authentication bypass
11041| [40761] Apache Derby RDBNAM parameter and DatabaseMetaData.getURL information disclosure
11042| [40736] Apache Tomcat HTTP/1.1 connector information disclosure
11043| [40614] Apache mod_jk2 HTTP Host header buffer overflow
11044| [40562] Apache Geronimo init information disclosure
11045| [40478] Novell Web Manager webadmin-apache.conf security bypass
11046| [40411] Apache Tomcat exception handling information disclosure
11047| [40409] Apache Tomcat native (APR based) connector weak security
11048| [40403] Apache Tomcat quotes and %5C cookie information disclosure
11049| [40388] Sun Java Plug-In org.apache.crimson.tree.XmlDocument security bypass
11050| [39893] Apache HTTP Server mod_negotiation HTTP response splitting
11051| [39867] Apache HTTP Server mod_negotiation cross-site scripting
11052| [39804] Apache Tomcat SingleSignOn information disclosure
11053| [39615] Apache HTTP Server mod_proxy_ftp.c UTF-7 cross-site scripting
11054| [39612] Apache HTTP Server mod_proxy_balancer buffer overflow
11055| [39608] Apache HTTP Server balancer manager cross-site request forgery
11056| [39476] Apache mod_proxy_balancer balancer_handler function denial of service
11057| [39474] Apache HTTP Server mod_proxy_balancer cross-site scripting
11058| [39472] Apache HTTP Server mod_status cross-site scripting
11059| [39201] Apache Tomcat JULI logging weak security
11060| [39158] Apache HTTP Server Windows SMB shares information disclosure
11061| [39001] Apache HTTP Server mod_imap and mod_imagemap module cross-site scripting
11062| [38951] Apache::AuthCAS Perl module cookie SQL injection
11063| [38800] Apache HTTP Server 413 error page cross-site scripting
11064| [38211] Apache Geronimo SQLLoginModule authentication bypass
11065| [37243] Apache Tomcat WebDAV directory traversal
11066| [37178] RHSA update for Apache HTTP Server mod_status module cross-site scripting not installed
11067| [37177] RHSA update for Apache HTTP Server Apache child process denial of service not installed
11068| [37119] RHSA update for Apache mod_auth_kerb off-by-one buffer overflow not installed
11069| [37100] RHSA update for Apache and IBM HTTP Server Expect header cross-site scripting not installed
11070| [36782] Apache Geronimo MEJB unauthorized access
11071| [36586] Apache HTTP Server UTF-7 cross-site scripting
11072| [36468] Apache Geronimo LoginModule security bypass
11073| [36467] Apache Tomcat functions.jsp cross-site scripting
11074| [36402] Apache Tomcat calendar cross-site request forgery
11075| [36354] Apache HTTP Server mod_proxy module denial of service
11076| [36352] Apache HTTP Server ap_proxy_date_canon() denial of service
11077| [36336] Apache Derby lock table privilege escalation
11078| [36335] Apache Derby schema privilege escalation
11079| [36006] Apache Tomcat "
11080| [36001] Apache Tomcat Host Manager Servlet alias cross-site scripting
11081| [35999] Apache Tomcat \"
11082| [35795] Apache Tomcat CookieExample cross-site scripting
11083| [35536] Apache Tomcat SendMailServlet example cross-site scripting
11084| [35384] Apache HTTP Server mod_cache module denial of service
11085| [35097] Apache HTTP Server mod_status module cross-site scripting
11086| [35095] Apache HTTP Server Prefork MPM module denial of service
11087| [34984] Apache HTTP Server recall_headers information disclosure
11088| [34966] Apache HTTP Server MPM content spoofing
11089| [34965] Apache HTTP Server MPM information disclosure
11090| [34963] Apache HTTP Server MPM multiple denial of service
11091| [34872] Apache MyFaces Tomahawk autoscroll parameter cross-site scripting
11092| [34869] Apache Tomcat JSP example Web application cross-site scripting
11093| [34868] Apache Tomcat Manager and Host Manager cross-site scripting
11094| [34496] Apache Tomcat JK Connector security bypass
11095| [34377] Apache Tomcat hello.jsp cross-site scripting
11096| [34212] Apache Tomcat SSL configuration security bypass
11097| [34210] Apache Tomcat Accept-Language cross-site scripting
11098| [34209] Apache Tomcat calendar application cross-site scripting
11099| [34207] Apache Tomcat implicit-objects.jsp cross-site scripting
11100| [34167] Apache Axis WSDL file path disclosure
11101| [34068] Apache Tomcat AJP connector information disclosure
11102| [33584] Apache HTTP Server suEXEC privilege escalation
11103| [32988] Apache Tomcat proxy module directory traversal
11104| [32794] Apache Tomcat JK Web Server Connector map_uri_to_worker() buffer overflow
11105| [32708] Debian Apache tty privilege escalation
11106| [32441] ApacheStats extract() PHP call unspecified
11107| [32128] Apache Tomcat default account
11108| [31680] Apache Tomcat RequestParamExample cross-site scripting
11109| [31649] Apache Tomcat Sample Servlet TroubleShooter detected
11110| [31557] BEA WebLogic Server and WebLogic Express Apache proxy plug-in denial of service
11111| [31236] Apache HTTP Server htpasswd.c strcpy buffer overflow
11112| [30456] Apache mod_auth_kerb off-by-one buffer overflow
11113| [29550] Apache mod_tcl set_var() format string
11114| [28620] Apache and IBM HTTP Server Expect header cross-site scripting
11115| [28357] Apache HTTP Server mod_alias script source information disclosure
11116| [28063] Apache mod_rewrite off-by-one buffer overflow
11117| [27902] Apache Tomcat URL information disclosure
11118| [26786] Apache James SMTP server denial of service
11119| [25680] libapache2 /tmp/svn file upload
11120| [25614] Apache Struts lookupMap cross-site scripting
11121| [25613] Apache Struts ActionForm denial of service
11122| [25612] Apache Struts isCancelled() security bypass
11123| [24965] Apache mod_python FileSession command execution
11124| [24716] Apache James spooler memory leak denial of service
11125| [24159] Apache Geronimo Web-Access-Log Viewer cross-site scripting
11126| [24158] Apache Geronimo jsp-examples cross-site scripting
11127| [24030] Apache auth_ldap module multiple format strings
11128| [24008] Apache mod_ssl custom error message denial of service
11129| [24003] Apache mod_auth_pgsql module multiple syslog format strings
11130| [23612] Apache mod_imap referer field cross-site scripting
11131| [23173] Apache Struts error message cross-site scripting
11132| [22942] Apache Tomcat directory listing denial of service
11133| [22858] Apache Multi-Processing Module code allows denial of service
11134| [22602] RHSA-2005:582 updates for Apache httpd not installed
11135| [22520] Apache mod-auth-shadow "
11136| [22466] ApacheTop symlink
11137| [22109] Apache HTTP Server ssl_engine_kernel client certificate validation
11138| [22006] Apache HTTP Server byte-range filter denial of service
11139| [21567] Apache mod_ssl off-by-one buffer overflow
11140| [21195] Apache HTTP Server header HTTP request smuggling
11141| [20383] Apache HTTP Server htdigest buffer overflow
11142| [19681] Apache Tomcat AJP12 request denial of service
11143| [18993] Apache HTTP server check_forensic symlink attack
11144| [18790] Apache Tomcat Manager cross-site scripting
11145| [18349] Apache HTTP server Apple HFS+ filesystem obtain information
11146| [18348] Apache HTTP server Apple HFS+ filesystem .DS_Store and .ht file disclosure
11147| [18347] Apache HTTP server Apple Mac OS X Server mod_digest_apple module could allow an attacker to replay responses
11148| [17961] Apache Web server ServerTokens has not been set
11149| [17930] Apache HTTP Server HTTP GET request denial of service
11150| [17785] Apache mod_include module buffer overflow
11151| [17671] Apache HTTP Server SSLCipherSuite bypass restrictions
11152| [17473] Apache HTTP Server Satisfy directive allows access to resources
11153| [17413] Apache htpasswd buffer overflow
11154| [17384] Apache HTTP Server environment variable configuration file buffer overflow
11155| [17382] Apache HTTP Server IPv6 apr_util denial of service
11156| [17366] Apache HTTP Server mod_dav module LOCK denial of service
11157| [17273] Apache HTTP Server speculative mode denial of service
11158| [17200] Apache HTTP Server mod_ssl denial of service
11159| [16890] Apache HTTP Server server-info request has been detected
11160| [16889] Apache HTTP Server server-status request has been detected
11161| [16705] Apache mod_ssl format string attack
11162| [16524] Apache HTTP Server ap_get_mime_headers_core denial of service
11163| [16387] Apache HTTP Server mod_proxy Content-Length buffer overflow
11164| [16230] Apache HTTP Server PHP denial of service
11165| [16214] Apache mod_ssl ssl_util_uuencode_binary buffer overflow
11166| [15958] Apache HTTP Server authentication modules memory corruption
11167| [15547] Apache HTTP Server mod_disk_cache local information disclosure
11168| [15540] Apache HTTP Server socket starvation denial of service
11169| [15467] Novell GroupWise WebAccess using Apache Web server allows viewing of files on the server
11170| [15422] Apache HTTP Server mod_access information disclosure
11171| [15419] Apache HTTP Server mod_ssl plain HTTP request denial of service
11172| [15293] Apache for Cygwin "
11173| [15065] Apache-SSL has a default password
11174| [15041] Apache HTTP Server mod_digest module could allow an attacker to replay responses
11175| [15015] Apache httpd server httpd.conf could allow a local user to bypass restrictions
11176| [14751] Apache Mod_python output filter information disclosure
11177| [14125] Apache HTTP Server mod_userdir module information disclosure
11178| [14075] Apache HTTP Server mod_php file descriptor leak
11179| [13703] Apache HTTP Server account
11180| [13689] Apache HTTP Server configuration allows symlinks
11181| [13688] Apache HTTP Server configuration allows SSI
11182| [13687] Apache HTTP Server Server: header value
11183| [13685] Apache HTTP Server ServerTokens value
11184| [13684] Apache HTTP Server ServerSignature value
11185| [13672] Apache HTTP Server config allows directory autoindexing
11186| [13671] Apache HTTP Server default content
11187| [13670] Apache HTTP Server config file directive references outside content root
11188| [13668] Apache HTTP Server httpd not running in chroot environment
11189| [13666] Apache HTTP Server CGI directory contains possible command interpreter or compiler
11190| [13664] Apache HTTP Server config file contains ScriptAlias entry
11191| [13663] Apache HTTP Server CGI support modules loaded
11192| [13661] Apache HTTP Server config file contains AddHandler entry
11193| [13660] Apache HTTP Server 500 error page not CGI script
11194| [13659] Apache HTTP Server 413 error page not CGI script
11195| [13658] Apache HTTP Server 403 error page not CGI script
11196| [13657] Apache HTTP Server 401 error page not CGI script
11197| [13552] Apache HTTP Server mod_cgid module information disclosure
11198| [13550] Apache GET request directory traversal
11199| [13516] Apache Cocoon XMLForm and JXForm could allow execution of code
11200| [13499] Apache Cocoon directory traversal allows downloading of boot.ini file
11201| [13429] Apache Tomcat non-HTTP request denial of service
11202| [13400] Apache HTTP server mod_alias and mod_rewrite buffer overflow
11203| [13295] Apache weak password encryption
11204| [13254] Apache Tomcat .jsp cross-site scripting
11205| [13125] Apache::Gallery Inline::C could allow arbitrary code execution
11206| [13086] Apache Jakarta Tomcat mod_jk format string allows remote access
11207| [12681] Apache HTTP Server mod_proxy could allow mail relaying
11208| [12662] Apache HTTP Server rotatelogs denial of service
11209| [12554] Apache Tomcat stores password in plain text
11210| [12553] Apache HTTP Server redirects and subrequests denial of service
11211| [12552] Apache HTTP Server FTP proxy server denial of service
11212| [12551] Apache HTTP Server prefork MPM denial of service
11213| [12550] Apache HTTP Server weaker than expected encryption
11214| [12549] Apache HTTP Server type-map file denial of service
11215| [12206] Apache Tomcat /opt/tomcat directory insecure permissions
11216| [12102] Apache Jakarta Tomcat MS-DOS device name request denial of service
11217| [12091] Apache HTTP Server apr_password_validate denial of service
11218| [12090] Apache HTTP Server apr_psprintf code execution
11219| [11804] Apache HTTP Server mod_access_referer denial of service
11220| [11750] Apache HTTP Server could leak sensitive file descriptors
11221| [11730] Apache HTTP Server error log and access log terminal escape sequence injection
11222| [11703] Apache long slash path allows directory listing
11223| [11695] Apache HTTP Server LF (Line Feed) denial of service
11224| [11694] Apache HTTP Server filestat.c denial of service
11225| [11438] Apache HTTP Server MIME message boundaries information disclosure
11226| [11412] Apache HTTP Server error log terminal escape sequence injection
11227| [11196] Apache Tomcat examples and ROOT Web applications cross-site scripting
11228| [11195] Apache Tomcat web.xml could be used to read files
11229| [11194] Apache Tomcat URL appended with a null character could list directories
11230| [11139] Apache HTTP Server mass virtual hosting with mod_rewrite or mod_vhost_alias could allow an attacker to obtain files
11231| [11126] Apache HTTP Server illegal character file disclosure
11232| [11125] Apache HTTP Server DOS device name HTTP POST code execution
11233| [11124] Apache HTTP Server DOS device name denial of service
11234| [11088] Apache HTTP Server mod_vhost_alias CGI source disclosure
11235| [10938] Apache HTTP Server printenv test CGI cross-site scripting
11236| [10771] Apache Tomcat mod_jk module multiple HTTP GET request buffer overflow
11237| [10575] Apache mod_php module could allow an attacker to take over the httpd process
11238| [10499] Apache HTTP Server WebDAV HTTP POST view source
11239| [10457] Apache HTTP Server mod_ssl "
11240| [10415] Apache HTTP Server htdigest insecure system() call could allow command execution
11241| [10414] Apache HTTP Server htdigest multiple buffer overflows
11242| [10413] Apache HTTP Server htdigest temporary file race condition
11243| [10412] Apache HTTP Server htpasswd temporary file race condition
11244| [10376] Apache Tomcat invoker servlet used in conjunction with the default servlet reveals source code
11245| [10348] Apache Tomcat HTTP GET request DOS device reference could cause a denial of service
11246| [10281] Apache HTTP Server ab.c ApacheBench long response buffer overflow
11247| [10280] Apache HTTP Server shared memory scorecard overwrite
11248| [10263] Apache Tomcat mod_jk or mod_jserv connector directory disclosure
11249| [10241] Apache HTTP Server Host: header cross-site scripting
11250| [10230] Slapper worm variants A, B, and C target OpenSSL/Apache systems
11251| [10208] Apache HTTP Server mod_dav denial of service
11252| [10206] HP VVOS Apache mod_ssl denial of service
11253| [10200] Apache HTTP Server stderr denial of service
11254| [10175] Apache Tomcat org.apache.catalina.servlets.DefaultServlet reveals source code
11255| [10169] Slapper worm variant (Slapper.C) targets OpenSSL/Apache systems
11256| [10154] Slapper worm variant (Slapper.B) targets OpenSSL/Apache systems
11257| [10098] Slapper worm targets OpenSSL/Apache systems
11258| [9876] Apache HTTP Server cgi/cgid request could disclose the path to a requested script
11259| [9875] Apache HTTP Server .var file request could disclose installation path
11260| [9863] Apache Tomcat web.xml file could allow a remote attacker to bypass restrictions
11261| [9808] Apache HTTP Server non-Unix version URL encoded directory traversal
11262| [9623] Apache HTTP Server ap_log_rerror() path disclosure
11263| [9520] Apache Tomcat /servlet/ mapping cross-site scripting
11264| [9415] Apache HTTP Server mod_ssl .htaccess off-by-one buffer overflow
11265| [9396] Apache Tomcat null character to threads denial of service
11266| [9394] Apache Tomcat HTTP request for LPT9 reveals Web root path
11267| [9249] Apache HTTP Server chunked encoding heap buffer overflow
11268| [9208] Apache Tomcat sample file requests could reveal directory listing and path to Web root directory
11269| [8932] Apache Tomcat example class information disclosure
11270| [8633] Apache HTTP Server with mod_rewrite could allow an attacker to bypass directives
11271| [8629] Apache HTTP Server double-reverse DNS lookup spoofing
11272| [8589] Apache HTTP Server for Windows DOS batch file remote command execution
11273| [8457] Oracle9i Application Server Apache PL/SQL HTTP Location header buffer overflow
11274| [8455] Oracle9i Application Server default installation could allow an attacker to access certain Apache Services
11275| [8400] Apache HTTP Server mod_frontpage buffer overflows
11276| [8326] Apache HTTP Server multiple MIME headers (sioux) denial of service
11277| [8308] Apache "
11278| [8275] Apache HTTP Server with Multiviews enabled could disclose directory contents
11279| [8119] Apache and PHP OPTIONS request reveals "
11280| [8054] Apache is running on the system
11281| [8029] Mandrake Linux default Apache configuration could allow an attacker to browse files and directories
11282| [8027] Mandrake Linux default Apache configuration has remote management interface enabled
11283| [8026] Mandrake Linux Apache sample programs could disclose sensitive information about the server
11284| [7836] Apache HTTP Server log directory denial of service
11285| [7815] Apache for Windows "
11286| [7810] Apache HTTP request could result in unexpected behavior
11287| [7599] Apache Tomcat reveals installation path
11288| [7494] Apache "
11289| [7419] Apache Web Server could allow remote attackers to overwrite .log files
11290| [7363] Apache Web Server hidden HTTP requests
11291| [7249] Apache mod_proxy denial of service
11292| [7129] Linux with Apache Web server could allow an attacker to determine if a specified username exists
11293| [7103] Apple Mac OS X used with Apache Web server could disclose directory contents
11294| [7059] Apache "
11295| [7057] Apache "
11296| [7056] Apache "
11297| [7055] Apache "
11298| [7054] Apache "
11299| [6997] Apache Jakarta Tomcat error message may reveal information
11300| [6971] Apache Jakarta Tomcat may reveal JSP source code with missing HTTP protocol specification
11301| [6970] Apache crafted HTTP request could reveal the internal IP address
11302| [6921] Apache long slash path allows directory listing
11303| [6687] Apple Mac OS X used with Apache Web server could allow arbitrary file disclosure
11304| [6527] Apache Web Server for Windows and OS2 denial of service
11305| [6316] Apache Jakarta Tomcat may reveal JSP source code
11306| [6305] Apache Jakarta Tomcat directory traversal
11307| [5926] Linux Apache symbolic link
11308| [5659] Apache Web server discloses files when used with php script
11309| [5310] Apache mod_rewrite allows attacker to view arbitrary files
11310| [5204] Apache WebDAV directory listings
11311| [5197] Apache Web server reveals CGI script source code
11312| [5160] Apache Jakarta Tomcat default installation
11313| [5099] Trustix Secure Linux installs Apache with world writable access
11314| [4968] Apache Jakarta Tomcat snoop servlet gives out information which could be used in attack
11315| [4967] Apache Jakarta Tomcat 404 error reveals the pathname of the requested file
11316| [4931] Apache source.asp example file allows users to write to files
11317| [4575] IBM HTTP Server running Apache allows users to directory listing and file retrieval
11318| [4205] Apache Jakarta Tomcat delivers file contents
11319| [2084] Apache on Debian by default serves the /usr/doc directory
11320| [1630] MessageMedia UnityMail and Apache Web server MIME header flood denial of service
11321| [697] Apache HTTP server beck exploit
11322| [331] Apache cookies buffer overflow
11323|
| Exploit-DB - https://www.exploit-db.com:
| [31130] Apache Tomcat <= 6.0.15 Cookie Quote Handling Remote Information Disclosure Vulnerability
| [31052] Apache <= 2.2.6 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
| [30901] Apache HTTP Server 2.2.6 Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
| [30835] Apache HTTP Server <= 2.2.4 413 Error HTTP Request Method Cross-Site Scripting Weakness
| [30563] Apache Tomcat <= 5.5.15 Cal2.JSP Cross-Site Scripting Vulnerability
| [30496] Apache Tomcat <= 6.0.13 Cookie Handling Quote Delimiter Session ID Disclosure
| [30495] Apache Tomcat <= 6.0.13 Host Manager Servlet Cross Site Scripting Vulnerability
| [30191] Apache MyFaces Tomahawk JSF Framework 1.1.5 Autoscroll Parameter Cross Site Scripting Vulnerability
| [30189] Apache Tomcat <= 6.0.13 JSP Example Web Applications Cross Site Scripting Vulnerability
| [30052] Apache Tomcat 6.0.10 Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
| [29930] Apache AXIS 1.0 Non-Existent WSDL Path Information Disclosure Vulnerability
| [29859] Apache Roller OGNL Injection
| [29739] Apache HTTP Server Tomcat 5.x/6.0.x Directory Traversal Vulnerability
| [29435] Apache Tomcat 5.5.25 - CSRF Vulnerabilities
| [29316] Apache + PHP 5.x - Remote Code Execution (Multithreaded Scanner) (2)
| [29290] Apache / PHP 5.x Remote Code Execution Exploit
| [28713] Apache Tomcat/JBoss EJBInvokerServlet / JMXInvokerServlet (RMI over HTTP) Marshalled Object RCE
| [28424] Apache 2.x HTTP Server Arbitrary HTTP Request Headers Security Weakness
| [28365] Apache 2.2.2 CGI Script Source Code Information Disclosure Vulnerability
| [28254] Apache Tomcat 5 Information Disclosure Vulnerability
| [27915] Apache James 2.2 SMTP Denial of Service Vulnerability
| [27397] Apache suEXEC Privilege Elevation / Information Disclosure
| [27135] Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution
| [27096] Apache Geronimo 1.0 Error Page XSS
| [27095] Apache Tomcat / Geronimo 1.0 Sample Script cal2.jsp time Parameter XSS
| [26710] Apache CXF prior to 2.5.10, 2.6.7 and 2.7.4 - Denial of Service
| [26542] Apache Struts 1.2.7 Error Response Cross-Site Scripting Vulnerability
| [25986] Plesk Apache Zeroday Remote Exploit
| [25980] Apache Struts includeParams Remote Code Execution
| [25625] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (2)
| [25624] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (1)
| [24874] Apache Struts ParametersInterceptor Remote Code Execution
| [24744] Apache Rave 0.11 - 0.20 - User Information Disclosure
| [24694] Apache 1.3.x mod_include Local Buffer Overflow Vulnerability
| [24590] Apache 2.0.x mod_ssl Remote Denial of Service Vulnerability
| [23751] Apache Cygwin 1.3.x/2.0.x Directory Traversal Vulnerability
| [23581] Apache 2.0.4x mod_perl Module File Descriptor Leakage Vulnerability
| [23482] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (2)
| [23481] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (1)
| [23296] Red Hat Apache 2.0.40 Directory Index Default Configuration Error
| [23282] apache cocoon 2.14/2.2 - Directory Traversal vulnerability
| [23245] Apache Tomcat 4.0.x Non-HTTP Request Denial of Service Vulnerability
| [23119] Apache::Gallery 0.4/0.5/0.6 Insecure Local File Storage Privilege Escalation Vulnerability
| [22505] Apache Mod_Access_Referer 1.0.2 NULL Pointer Dereference Denial of Service Vulnerability
| [22205] Apache Tomcat 3.x Null Byte Directory/File Disclosure Vulnerability
| [22191] Apache Web Server 2.0.x MS-DOS Device Name Denial of Service Vulnerability
| [22068] Apache 1.3.x,Tomcat 4.0.x/4.1.x Mod_JK Chunked Encoding Denial of Service Vulnerability
| [21885] Apache 1.3/2.0.x Server Side Include Cross Site Scripting Vulnerability
| [21882] Apache Tomcat 3.2 Directory Disclosure Vulnerability
| [21854] Apache 2.0.39/40 Oversized STDERR Buffer Denial of Service Vulnerability
| [21853] Apache Tomcat 3/4 DefaultServlet File Disclosure Vulnerability
| [21734] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
| [21719] Apache 2.0 Path Disclosure Vulnerability
| [21697] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
| [21605] Apache Tomcat 4.0.3 DoS Device Name Cross Site Scripting Vulnerability
| [21604] Apache Tomcat 4.0.3 Servlet Mapping Cross Site Scripting Vulnerability
| [21560] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (2)
| [21559] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (1)
| [21534] Apache Tomcat 3/4 JSP Engine Denial of Service Vulnerability
| [21492] Apache Tomcat 3.2.3/3.2.4 RealPath.JSP Malformed Request Information Disclosure
| [21491] Apache Tomcat 3.2.3/3.2.4 Example Files Web Root Path Disclosure
| [21490] Apache Tomcat 3.2.3/3.2.4 Source.JSP Malformed Request Information Disclosure
| [21412] Apache Tomcat 4.0/4.1 Servlet Path Disclosure Vulnerability
| [21350] Apache Win32 1.3.x/2.0.x Batch File Remote Command Execution Vulnerability
| [21204] Apache 1.3.20 Win32 PHP.EXE Remote File Disclosure Vulnerability
| [21112] Red Hat Linux 7.0 Apache Remote Username Enumeration Vulnerability
| [21067] Apache 1.0/1.2/1.3 Server Address Disclosure Vulnerability
| [21002] Apache 1.3 Possible Directory Index Disclosure Vulnerability
| [20911] Apache 1.3.14 Mac File Protection Bypass Vulnerability
| [20716] apache tomcat 3.0 - Directory Traversal vulnerability
| [20695] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (4)
| [20694] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (3)
| [20693] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (2)
| [20692] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (1)
| [20595] NCSA 1.3/1.4.x/1.5,Apache httpd 0.8.11/0.8.14 ScriptAlias Source Retrieval Vulnerability
| [20558] Apache 1.2 Web Server DoS Vulnerability
| [20466] Apache 1.3 Web Server with Php 3 File Disclosure Vulnerability
| [20435] Apache 0.8.x/1.0.x,NCSA httpd 1.x test-cgi Directory Listing Vulnerability
| [20272] Apache 1.2.5/1.3.1,UnityMail 2.0 MIME Header DoS Vulnerability
| [20210] Apache 1.3.12 WebDAV Directory Listings Vulnerability
| [20131] Apache Tomcat 3.1 Path Revealing Vulnerability
| [19975] Apache 1.3.6/1.3.9/1.3.11/1.3.12/1.3.20 Root Directory Access Vulnerability
| [19828] Cobalt RaQ 2.0/3.0 Apache .htaccess Disclosure Vulnerability
| [19536] Apache <= 1.1,NCSA httpd <= 1.5.2,Netscape Server 1.12/1.1/2.0 a nph-test-cgi Vulnerability
| [19231] PHP apache_request_headers Function Buffer Overflow
| [18984] Apache Struts <= 2.2.1.1 - Remote Command Execution
| [18897] Oracle Weblogic Apache Connector POST Request Buffer Overflow
| [18619] Apache Tomcat Remote Exploit (PUT Request) and Account Scanner
| [18452] Apache Struts Multiple Persistent Cross-Site Scripting Vulnerabilities
| [18442] Apache httpOnly Cookie Disclosure
| [18329] Apache Struts2 <= 2.3.1 - Multiple Vulnerabilities
| [18221] Apache HTTP Server Denial of Service
| [17969] Apache mod_proxy Reverse Proxy Exposure Vulnerability PoC
| [17696] Apache httpd Remote Denial of Service (memory exhaustion)
| [17691] Apache Struts < 2.2.0 - Remote Command Execution
| [16798] Apache mod_jk 1.2.20 Buffer Overflow
| [16782] Apache Win32 Chunked Encoding
| [16752] Apache module mod_rewrite LDAP protocol Buffer Overflow
| [16317] Apache Tomcat Manager Application Deployer Authenticated Code Execution
| [15710] Apache Archiva 1.0 - 1.3.1 CSRF Vulnerability
| [15319] Apache 2.2 (Windows) Local Denial of Service
| [14617] Apache JackRabbit 2.0.0 webapp XPath Injection
| [14489] Apache Tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
| [12721] Apache Axis2 1.4.1 - Local File Inclusion Vulnerability
| [12689] Authenticated Cross-Site Scripting Vulnerability (XSS) within Apache Axis2 administration console
| [12343] Apache Tomcat 5.5.0 to 5.5.29 & 6.0.0 to 6.0.26 - Information Disclosure Vulnerability
| [12330] Apache OFBiz - Multiple XSS
| [12264] Apache OFBiz - FULLADMIN Creator PoC Payload
| [12263] Apache OFBiz - SQL Remote Execution PoC Payload
| [11662] Apache Spamassassin Milter Plugin Remote Root Command Execution
| [11650] Apache 2.2.14 mod_isapi Dangling Pointer Remote SYSTEM Exploit
| [10811] Joomla.Tutorials GHDB: Apache directory listing Download Vulnerability
| [10292] Apache Tomcat 3.2.1 - 404 Error Page Cross Site Scripting Vulnerability
| [9995] Apache Tomcat Form Authentication Username Enumeration Weakness
| [9994] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
| [9993] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
| [8842] Apache mod_dav / svn Remote Denial of Service Exploit
| [8458] Apache Geronimo <= 2.1.3 - Multiple Directory Traversal Vulnerabilities
| [7264] Apache Tomcat runtime.getRuntime().exec() Privilege Escalation (win)
| [6229] apache tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
| [6100] Apache mod_jk 1.2.19 Remote Buffer Overflow Exploit (win32)
| [6089] Bea Weblogic Apache Connector Code Exec / Denial of Service Exploit
| [5386] Apache Tomcat Connector jk2-2.0.2 (mod_jk2) Remote Overflow Exploit
| [5330] Apache 2.0 mod_jk2 2.0.2 - Remote Buffer Overflow Exploit (win32)
| [4552] Apache Tomcat (webdav) Remote File Disclosure Exploit (ssl support)
| [4530] Apache Tomcat (webdav) Remote File Disclosure Exploit
| [4162] Apache Tomcat Connector (mod_jk) Remote Exploit (exec-shield)
| [4093] Apache mod_jk 1.2.19/1.2.20 Remote Buffer Overflow Exploit
| [3996] Apache 2.0.58 mod_rewrite Remote Overflow Exploit (win2k3)
| [3680] Apache Mod_Rewrite Off-by-one Remote Overflow Exploit (win32)
| [3384] Ubuntu/Debian Apache 1.3.33/1.3.34 (CGI TTY) Local Root Exploit
| [2237] Apache < 1.3.37, 2.0.59, 2.2.3 (mod_rewrite) Remote Overflow PoC
| [2061] Apache Tomcat < 5.5.17 Remote Directory Listing Vulnerability
| [1056] Apache <= 2.0.49 Arbitrary Long HTTP Headers Denial of Service
| [855] Apache <= 2.0.52 HTTP GET request Denial of Service Exploit
| [764] Apache OpenSSL - Remote Exploit (Multiple Targets) (OpenFuckV2.c)
| [587] Apache <= 1.3.31 mod_include Local Buffer Overflow Exploit
| [466] htpasswd Apache 1.3.31 - Local Exploit
| [371] Apache HTTPd Arbitrary Long HTTP Headers DoS (c version)
| [360] Apache HTTPd Arbitrary Long HTTP Headers DoS
| [132] Apache 1.3.x - 2.0.48 - mod_userdir Remote Users Disclosure Exploit
| [126] Apache mod_gzip (with debug_mode) <= 1.2.26.1a Remote Exploit
| [67] Apache 1.3.x mod_mylo Remote Code Execution Exploit
| [38] Apache <= 2.0.45 APR Remote Exploit -Apache-Knacker.pl
| [34] Webfroot Shoutbox < 2.32 (Apache) Remote Exploit
| [11] Apache <= 2.0.44 Linux Remote Denial of Service Exploit
| [9] Apache HTTP Server 2.x Memory Leak Exploit
|
| OpenVAS (Nessus) - http://www.openvas.org:
| [902924] Apache Struts2 Showcase Skill Name Remote Code Execution Vulnerability
| [902837] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability (Windows)
| [902830] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
| [902664] Apache Traffic Server HTTP Host Header Denial of Service Vulnerability
| [901203] Apache httpd Web Server Range Header Denial of Service Vulnerability
| [901110] Apache ActiveMQ Source Code Information Disclosure Vulnerability
| [901105] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
| [900842] Apache 'mod_proxy_ftp' Module Command Injection Vulnerability (Linux)
| [900841] Apache 'mod_proxy_ftp' Module Denial Of Service Vulnerability (Linux)
| [900573] Apache APR-Utils XML Parser Denial of Service Vulnerability
| [900572] Apache APR-Utils Multiple Denial of Service Vulnerabilities
| [900571] Apache APR-Utils Version Detection
| [900499] Apache mod_proxy_ajp Information Disclosure Vulnerability
| [900496] Apache Tiles Multiple XSS Vulnerability
| [900493] Apache Tiles Version Detection
| [900107] Apache mod_proxy_ftp Wildcard Characters XSS Vulnerability
| [900021] Apache Tomcat Cross-Site Scripting and Security Bypass Vulnerabilities
| [880086] CentOS Update for apache CESA-2008:0004-01 centos2 i386
| [870175] RedHat Update for apache RHSA-2008:0004-01
| [864591] Fedora Update for apache-poi FEDORA-2012-10835
| [864383] Fedora Update for apache-commons-compress FEDORA-2012-8428
| [864280] Fedora Update for apache-commons-compress FEDORA-2012-8465
| [864250] Fedora Update for apache-poi FEDORA-2012-7683
| [864249] Fedora Update for apache-poi FEDORA-2012-7686
| [863993] Fedora Update for apache-commons-daemon FEDORA-2011-10880
| [863466] Fedora Update for apache-commons-daemon FEDORA-2011-10936
| [855821] Solaris Update for Apache 1.3 122912-19
| [855812] Solaris Update for Apache 1.3 122911-19
| [855737] Solaris Update for Apache 1.3 122911-17
| [855731] Solaris Update for Apache 1.3 122912-17
| [855695] Solaris Update for Apache 1.3 122911-16
| [855645] Solaris Update for Apache 1.3 122912-16
| [855587] Solaris Update for kernel update and Apache 108529-29
| [855566] Solaris Update for Apache 116973-07
| [855531] Solaris Update for Apache 116974-07
| [855524] Solaris Update for Apache 2 120544-14
| [855494] Solaris Update for Apache 1.3 122911-15
| [855478] Solaris Update for Apache Security 114145-11
| [855472] Solaris Update for Apache Security 113146-12
| [855179] Solaris Update for Apache 1.3 122912-15
| [855147] Solaris Update for kernel update and Apache 108528-29
| [855077] Solaris Update for Apache 2 120543-14
| [850196] SuSE Update for apache2 openSUSE-SU-2012:0314-1 (apache2)
| [850088] SuSE Update for apache2 SUSE-SA:2007:061
| [850009] SuSE Update for apache2,apache SUSE-SA:2008:021
| [841209] Ubuntu Update for apache2 USN-1627-1
| [840900] Ubuntu Update for apache2 USN-1368-1
| [840798] Ubuntu Update for apache2 USN-1259-1
| [840734] Ubuntu Update for apache2 USN-1199-1
| [840542] Ubuntu Update for apache2 vulnerabilities USN-1021-1
| [840504] Ubuntu Update for apache2 vulnerability USN-990-2
| [840399] Ubuntu Update for apache2 vulnerabilities USN-908-1
| [840304] Ubuntu Update for apache2 vulnerabilities USN-575-1
| [840118] Ubuntu Update for libapache2-mod-perl2 vulnerability USN-488-1
| [840092] Ubuntu Update for apache2 vulnerabilities USN-499-1
| [840039] Ubuntu Update for libapache2-mod-python vulnerability USN-430-1
| [835253] HP-UX Update for Apache Web Server HPSBUX02645
| [835247] HP-UX Update for Apache-based Web Server HPSBUX02612
| [835243] HP-UX Update for Apache Running Tomcat Servlet Engine HPSBUX02579
| [835236] HP-UX Update for Apache with PHP HPSBUX02543
| [835233] HP-UX Update for Apache-based Web Server HPSBUX02531
| [835224] HP-UX Update for Apache-based Web Server HPSBUX02465
| [835200] HP-UX Update for Apache Web Server Suite HPSBUX02431
| [835190] HP-UX Update for Apache Web Server Suite HPSBUX02401
| [835188] HP-UX Update for Apache HPSBUX02308
| [835181] HP-UX Update for Apache With PHP HPSBUX02332
| [835180] HP-UX Update for Apache with PHP HPSBUX02342
| [835172] HP-UX Update for Apache HPSBUX02365
| [835168] HP-UX Update for Apache HPSBUX02313
| [835148] HP-UX Update for Apache HPSBUX01064
| [835139] HP-UX Update for Apache with PHP HPSBUX01090
| [835131] HP-UX Update for Apache HPSBUX00256
| [835119] HP-UX Update for Apache Remote Execution of Arbitrary Code HPSBUX02186
| [835104] HP-UX Update for Apache HPSBUX00224
| [835103] HP-UX Update for Apache mod_cgid HPSBUX00301
| [835101] HP-UX Update for Apache HPSBUX01232
| [835080] HP-UX Update for Apache HPSBUX02273
| [835078] HP-UX Update for ApacheStrong HPSBUX00255
| [835044] HP-UX Update for Apache HPSBUX01019
| [835040] HP-UX Update for Apache PHP HPSBUX00207
| [835025] HP-UX Update for Apache HPSBUX00197
| [835023] HP-UX Update for Apache HPSBUX01022
| [835022] HP-UX Update for Apache HPSBUX02292
| [835005] HP-UX Update for Apache HPSBUX02262
| [831759] Mandriva Update for apache-mod_security MDVSA-2012:182 (apache-mod_security)
| [831737] Mandriva Update for apache MDVSA-2012:154-1 (apache)
| [831534] Mandriva Update for apache MDVSA-2012:012 (apache)
| [831523] Mandriva Update for apache MDVSA-2012:003 (apache)
| [831491] Mandriva Update for apache MDVSA-2011:168 (apache)
| [831460] Mandriva Update for apache MDVSA-2011:144 (apache)
| [831449] Mandriva Update for apache MDVSA-2011:130 (apache)
| [831357] Mandriva Update for apache MDVSA-2011:057 (apache)
| [831132] Mandriva Update for apache MDVSA-2010:153 (apache)
| [831131] Mandriva Update for apache MDVSA-2010:152 (apache)
| [830989] Mandriva Update for apache-mod_auth_shadow MDVSA-2010:081 (apache-mod_auth_shadow)
| [830931] Mandriva Update for apache MDVSA-2010:057 (apache)
| [830926] Mandriva Update for apache MDVSA-2010:053 (apache)
| [830918] Mandriva Update for apache-mod_security MDVSA-2010:050 (apache-mod_security)
| [830799] Mandriva Update for apache-conf MDVSA-2009:300-2 (apache-conf)
| [830797] Mandriva Update for apache-conf MDVSA-2009:300-1 (apache-conf)
| [830791] Mandriva Update for apache-conf MDVA-2010:011 (apache-conf)
| [830652] Mandriva Update for apache MDVSA-2008:195 (apache)
| [830621] Mandriva Update for apache-conf MDVA-2008:129 (apache-conf)
| [830581] Mandriva Update for apache MDVSA-2008:016 (apache)
| [830294] Mandriva Update for apache MDKSA-2007:140 (apache)
| [830196] Mandriva Update for apache MDKSA-2007:235 (apache)
| [830112] Mandriva Update for apache MDKSA-2007:127 (apache)
| [830109] Mandriva Update for apache-mod_perl MDKSA-2007:083 (apache-mod_perl)
| [802425] Apache Struts2 Showcase Arbitrary Java Method Execution vulnerability
| [802423] Apache Struts CookBook/Examples Multiple Cross-Site Scripting Vulnerabilities
| [802422] Apache Struts Showcase Multiple Persistence Cross-Site Scripting Vulnerabilities
| [802415] Apache Tomcat Multiple Security Bypass Vulnerabilities (Win)
| [802385] Apache Tomcat Request Object Security Bypass Vulnerability (Win)
| [802384] Apache Tomcat Parameter Handling Denial of Service Vulnerability (Win)
| [802378] Apache Tomcat Hash Collision Denial Of Service Vulnerability
| [801942] Apache Archiva Multiple Vulnerabilities
| [801940] Apache Struts2 'XWork' Information Disclosure Vulnerability
| [801663] Apache Struts2/XWork Remote Command Execution Vulnerability
| [801521] Apache APR-util 'buckets/apr_brigade.c' Denial Of Service Vulnerability
| [801284] Apache Derby Information Disclosure Vulnerability
| [801203] Apache ActiveMQ Persistent Cross-Site Scripting Vulnerability
| [800837] Apache 'mod_deflate' Denial Of Service Vulnerability - July09
| [800827] Apache 'mod_proxy_http.c' Denial Of Service Vulnerability
| [800680] Apache APR Version Detection
| [800679] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
| [800678] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
| [800677] Apache Roller Version Detection
| [800279] Apache mod_jk Module Version Detection
| [800278] Apache Struts Cross Site Scripting Vulnerability
| [800277] Apache Tomcat mod_jk Information Disclosure Vulnerability
| [800276] Apache Struts Version Detection
| [800271] Apache Struts Directory Traversal Vulnerability
| [800024] Apache Tomcat RemoteFilterValve Security Bypass Vulnerability
| [103333] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
| [103293] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
| [103122] Apache Web Server ETag Header Information Disclosure Weakness
| [103074] Apache Continuum Cross Site Scripting Vulnerability
| [103073] Apache Continuum Detection
| [103053] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
| [101023] Apache Open For Business Weak Password security check
| [101020] Apache Open For Business HTML injection vulnerability
| [101019] Apache Open For Business service detection
| [100924] Apache Archiva Cross Site Request Forgery Vulnerability
| [100923] Apache Archiva Detection
| [100858] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
| [100814] Apache Axis2 Document Type Declaration Processing Security Vulnerability
| [100813] Apache Axis2 Detection
| [100797] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
| [100795] Apache Derby Detection
| [100762] Apache CouchDB Cross Site Request Forgery Vulnerability
| [100725] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
| [100613] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
| [100514] Apache Multiple Security Vulnerabilities
| [100211] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
| [100172] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
| [100171] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
| [100130] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
| [72626] Debian Security Advisory DSA 2579-1 (apache2)
| [72612] FreeBSD Ports: apache22
| [71551] Gentoo Security Advisory GLSA 201206-25 (apache)
| [71550] Gentoo Security Advisory GLSA 201206-24 (apache tomcat)
| [71512] FreeBSD Ports: apache
| [71485] Debian Security Advisory DSA 2506-1 (libapache-mod-security)
| [71256] Debian Security Advisory DSA 2452-1 (apache2)
| [71238] Debian Security Advisory DSA 2436-1 (libapache2-mod-fcgid)
| [70737] FreeBSD Ports: apache
| [70724] Debian Security Advisory DSA 2405-1 (apache2)
| [70600] FreeBSD Ports: apache
| [70253] FreeBSD Ports: apache, apache-event, apache-itk, apache-peruser, apache-worker
| [70235] Debian Security Advisory DSA 2298-2 (apache2)
| [70233] Debian Security Advisory DSA 2298-1 (apache2)
| [69988] Debian Security Advisory DSA 2279-1 (libapache2-mod-authnz-external)
| [69338] Debian Security Advisory DSA 2202-1 (apache2)
| [67868] FreeBSD Ports: apache
| [66816] FreeBSD Ports: apache
| [66553] Mandriva Security Advisory MDVSA-2009:189-1 (apache-mod_auth_mysql)
| [66414] Mandriva Security Advisory MDVSA-2009:323 (apache)
| [66106] SuSE Security Advisory SUSE-SA:2009:050 (apache2,libapr1)
| [66081] SLES11: Security update for Apache 2
| [66074] SLES10: Security update for Apache 2
| [66070] SLES9: Security update for Apache 2
| [65998] SLES10: Security update for apache2-mod_python
| [65893] SLES10: Security update for Apache 2
| [65888] SLES10: Security update for Apache 2
| [65575] SLES9: Security update for apache2,apache2-prefork,apache2-worker
| [65510] SLES9: Security update for Apache 2
| [65472] SLES9: Security update for Apache
| [65467] SLES9: Security update for Apache
| [65450] SLES9: Security update for apache2
| [65390] SLES9: Security update for Apache2
| [65363] SLES9: Security update for Apache2
| [65309] SLES9: Security update for Apache and mod_ssl
| [65296] SLES9: Security update for webdav apache module
| [65283] SLES9: Security update for Apache2
| [65249] SLES9: Security update for Apache 2
| [65230] SLES9: Security update for Apache 2
| [65228] SLES9: Security update for Apache 2
| [65212] SLES9: Security update for apache2-mod_python
| [65209] SLES9: Security update for apache2-worker
| [65207] SLES9: Security update for Apache 2
| [65168] SLES9: Security update for apache2-mod_python
| [65142] SLES9: Security update for Apache2
| [65136] SLES9: Security update for Apache 2
| [65132] SLES9: Security update for apache
| [65131] SLES9: Security update for Apache 2 oes/CORE
| [65113] SLES9: Security update for apache2
| [65072] SLES9: Security update for apache and mod_ssl
| [65017] SLES9: Security update for Apache 2
| [64950] Mandrake Security Advisory MDVSA-2009:240 (apache)
| [64783] FreeBSD Ports: apache
| [64774] Ubuntu USN-802-2 (apache2)
| [64653] Ubuntu USN-813-2 (apache2)
| [64559] Debian Security Advisory DSA 1834-2 (apache2)
| [64532] Mandrake Security Advisory MDVSA-2009:189 (apache-mod_auth_mysql)
| [64527] Mandrake Security Advisory MDVSA-2009:184 (apache-mod_security)
| [64526] Mandrake Security Advisory MDVSA-2009:183 (apache-mod_security)
| [64500] Mandrake Security Advisory MDVSA-2009:168 (apache)
| [64443] Ubuntu USN-802-1 (apache2)
| [64426] Gentoo Security Advisory GLSA 200907-04 (apache)
| [64423] Debian Security Advisory DSA 1834-1 (apache2)
| [64391] Mandrake Security Advisory MDVSA-2009:149 (apache)
| [64377] Mandrake Security Advisory MDVSA-2009:124-1 (apache)
| [64251] Debian Security Advisory DSA 1816-1 (apache2)
| [64201] Ubuntu USN-787-1 (apache2)
| [64140] Mandrake Security Advisory MDVSA-2009:124 (apache)
| [64136] Mandrake Security Advisory MDVSA-2009:102 (apache)
| [63565] FreeBSD Ports: apache
| [63562] Ubuntu USN-731-1 (apache2)
| [61381] Gentoo Security Advisory GLSA 200807-06 (apache)
| [61185] FreeBSD Ports: apache
| [60582] Gentoo Security Advisory GLSA 200803-19 (apache)
| [60387] Slackware Advisory SSA:2008-045-02 apache
| [58826] FreeBSD Ports: apache-tomcat
| [58825] FreeBSD Ports: apache-tomcat
| [58804] FreeBSD Ports: apache
| [58745] Gentoo Security Advisory GLSA 200711-06 (apache)
| [58360] Debian Security Advisory DSA 1312-1 (libapache-mod-jk)
| [57851] Gentoo Security Advisory GLSA 200608-01 (apache)
| [57788] Debian Security Advisory DSA 1247-1 (libapache-mod-auth-kerb)
| [57335] Debian Security Advisory DSA 1167-1 (apache)
| [57201] Debian Security Advisory DSA 1131-1 (apache)
| [57200] Debian Security Advisory DSA 1132-1 (apache2)
| [57168] Slackware Advisory SSA:2006-209-01 Apache httpd
| [57145] FreeBSD Ports: apache
| [56731] Slackware Advisory SSA:2006-129-01 Apache httpd
| [56729] Slackware Advisory SSA:2006-130-01 Apache httpd redux
| [56246] Gentoo Security Advisory GLSA 200602-03 (Apache)
| [56212] Debian Security Advisory DSA 952-1 (libapache-auth-ldap)
| [56115] Debian Security Advisory DSA 935-1 (libapache2-mod-auth-pgsql)
| [56067] FreeBSD Ports: apache
| [55803] Slackware Advisory SSA:2005-310-04 apache
| [55519] Debian Security Advisory DSA 839-1 (apachetop)
| [55392] Gentoo Security Advisory GLSA 200509-12 (Apache)
| [55355] FreeBSD Ports: apache
| [55284] Debian Security Advisory DSA 807-1 (libapache-mod-ssl)
| [55261] Debian Security Advisory DSA 805-1 (apache2)
| [55259] Debian Security Advisory DSA 803-1 (apache)
| [55129] Gentoo Security Advisory GLSA 200508-15 (apache)
| [54739] Gentoo Security Advisory GLSA 200411-18 (apache)
| [54724] Gentoo Security Advisory GLSA 200411-03 (apache)
| [54712] Gentoo Security Advisory GLSA 200410-21 (apache)
| [54689] Gentoo Security Advisory GLSA 200409-33 (net=www/apache)
| [54677] Gentoo Security Advisory GLSA 200409-21 (apache)
| [54610] Gentoo Security Advisory GLSA 200407-03 (Apache)
| [54601] Gentoo Security Advisory GLSA 200406-16 (Apache)
| [54590] Gentoo Security Advisory GLSA 200406-05 (Apache)
| [54582] Gentoo Security Advisory GLSA 200405-22 (Apache)
| [54529] Gentoo Security Advisory GLSA 200403-04 (Apache)
| [54499] Gentoo Security Advisory GLSA 200310-04 (Apache)
| [54498] Gentoo Security Advisory GLSA 200310-03 (Apache)
| [54439] FreeBSD Ports: apache
| [53931] Slackware Advisory SSA:2004-133-01 apache
| [53903] Slackware Advisory SSA:2004-299-01 apache, mod_ssl, php
| [53902] Slackware Advisory SSA:2004-305-01 apache+mod_ssl
| [53878] Slackware Advisory SSA:2003-308-01 apache security update
| [53851] Debian Security Advisory DSA 135-1 (libapache-mod-ssl)
| [53849] Debian Security Advisory DSA 132-1 (apache-ssl)
| [53848] Debian Security Advisory DSA 131-1 (apache)
| [53784] Debian Security Advisory DSA 021-1 (apache)
| [53738] Debian Security Advisory DSA 195-1 (apache-perl)
| [53737] Debian Security Advisory DSA 188-1 (apache-ssl)
| [53735] Debian Security Advisory DSA 187-1 (apache)
| [53703] Debian Security Advisory DSA 532-1 (libapache-mod-ssl)
| [53577] Debian Security Advisory DSA 120-1 (libapache-mod-ssl, apache-ssl)
| [53568] Debian Security Advisory DSA 067-1 (apache,apache-ssl)
| [53519] Debian Security Advisory DSA 689-1 (libapache-mod-python)
| [53433] Debian Security Advisory DSA 181-1 (libapache-mod-ssl)
| [53282] Debian Security Advisory DSA 594-1 (apache)
| [53248] Debian Security Advisory DSA 558-1 (libapache-mod-dav)
| [53224] Debian Security Advisory DSA 532-2 (libapache-mod-ssl)
| [53215] Debian Security Advisory DSA 525-1 (apache)
| [53151] Debian Security Advisory DSA 452-1 (libapache-mod-python)
| [52529] FreeBSD Ports: apache+ssl
| [52501] FreeBSD Ports: apache
| [52461] FreeBSD Ports: apache
| [52390] FreeBSD Ports: apache
| [52389] FreeBSD Ports: apache
| [52388] FreeBSD Ports: apache
| [52383] FreeBSD Ports: apache
| [52339] FreeBSD Ports: apache+mod_ssl
| [52331] FreeBSD Ports: apache
| [52329] FreeBSD Ports: ru-apache+mod_ssl
| [52314] FreeBSD Ports: apache
| [52310] FreeBSD Ports: apache
| [15588] Detect Apache HTTPS
| [15555] Apache mod_proxy content-length buffer overflow
| [15554] Apache mod_include priviledge escalation
| [14771] Apache <= 1.3.33 htpasswd local overflow
| [14177] Apache mod_access rule bypass
| [13644] Apache mod_rootme Backdoor
| [12293] Apache Input Header Folding and mod_ssl ssl_io_filter_cleanup DoS Vulnerabilities
| [12280] Apache Connection Blocking Denial of Service
| [12239] Apache Error Log Escape Sequence Injection
| [12123] Apache Tomcat source.jsp malformed request information disclosure
| [12085] Apache Tomcat servlet/JSP container default files
| [11438] Apache Tomcat Directory Listing and File disclosure
| [11204] Apache Tomcat Default Accounts
| [11092] Apache 2.0.39 Win32 directory traversal
| [11046] Apache Tomcat TroubleShooter Servlet Installed
| [11042] Apache Tomcat DOS Device Name XSS
| [11041] Apache Tomcat /servlet Cross Site Scripting
| [10938] Apache Remote Command Execution via .bat files
| [10839] PHP.EXE / Apache Win32 Arbitrary File Reading Vulnerability
| [10773] MacOS X Finder reveals contents of Apache Web files
| [10766] Apache UserDir Sensitive Information Disclosure
| [10756] MacOS X Finder reveals contents of Apache Web directories
| [10752] Apache Auth Module SQL Insertion Attack
| [10704] Apache Directory Listing
| [10678] Apache /server-info accessible
| [10677] Apache /server-status accessible
| [10440] Check for Apache Multiple / vulnerability
|
| SecurityTracker - https://www.securitytracker.com:
| [1028865] Apache Struts Bugs Permit Remote Code Execution and URL Redirection Attacks
| [1028864] Apache Struts Wildcard Matching and Expression Evaluation Bugs Let Remote Users Execute Arbitrary Code
| [1028824] Apache mod_dav_svn URI Processing Flaw Lets Remote Users Deny Service
| [1028823] Apache Unspecified Flaw in mod_session_dbd Has Unspecified Impact
| [1028724] (HP Issues Fix for HP-UX) Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
| [1028722] (Red Hat Issues Fix for JBoss) Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
| [1028693] (Red Hat Issues Fix) Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
| [1028622] Apache Struts 'includeParams' Bugs Permit Remote Command Execution and Cross-Site Scripting Attacks
| [1028621] Apache Subversion Bugs Let Remote Authenticated Users Execute Arbitrary Commands and Deny Service
| [1028540] Apache mod_rewrite Input Validation Flaw Lets Remote Users Execute Arbitrary Commands
| [1028534] Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
| [1028533] Apache Tomcat Lack of Chunked Transfer Encoding Extension Size Limit Lets Remote Users Deny Service
| [1028532] Apache Tomcat AsyncListeners Bug May Disclose Information from One Request to Another User
| [1028515] Apache VCL Input Validation Flaw Lets Remote Authenticated Users Gain Elevated Privileges
| [1028457] Apache ActiveMQ Bugs Let Remote Users Conduct Cross-Site Scripting Attacks, Deny Service, and Obtain Potentially Sensitive Information
| [1028287] Apache CXF WSS4JInInterceptor Grants Service Access to Remote Users
| [1028286] Apache CXF WS-Security UsernameToken Processing Flaw Lets Remote Users Bypass Authentication
| [1028252] Apache Commons FileUpload Unsafe Temporary File Lets Local Users Gain Elevated Privileges
| [1028207] Apache Input Validation Bugs Permit Cross-Site Scripting Attacks
| [1027836] Apache Tomcat Connection Processing Bug Lets Remote Users Deny Service
| [1027834] Apache Tomcat Bug Lets Remote Users Bypass Cross-Site Request Forgery Prevention Filter
11827| [1027834] Apache Tomcat Bug Lets Remote Users Bypass Cross-Site Request Forgery Prevention Filter
11828| [1027833] Apache Tomcat Bug Lets Remote Users Bypass Security Constraints
11829| [1027729] Apache Tomcat Header Processing Bug Lets Remote Users Deny Service
11830| [1027728] Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
11831| [1027554] Apache CXF Lets Remote Authenticated Users Execute Unauthorized SOAP Actions
11832| [1027508] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
11833| [1027421] Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
11834| [1027096] Apache Commons Compress BZip2CompressorOutputStream() Sorting Algorithm Lets Remote or Local Users Deny Service
11835| [1026932] Apache LD_LIBRARY_PATH Processing Lets Local Users Gain Elevated Privileges
11836| [1026928] Apache OFBiz Unspecified Flaw Lets Remote Users Execute Arbitrary Code
11837| [1026927] Apache OFBiz Input Validation Flaws Permit Cross-Site Scripting Attacks
11838| [1026847] Apache Traffic Server Host Header Processing Flaw Lets Remote Users Deny Service
11839| [1026846] Apache Wicket Discloses Hidden Application Files to Remote Users
11840| [1026839] Apache Wicket Input Validation Flaw in 'wicket:pageMapName' Parameter Permits Cross-Site Scripting Attacks
11841| [1026616] Apache Bugs Let Remote Users Deny Service and Obtain Cookie Data
11842| [1026575] Apache Struts ParameterInterceptor() Flaw Lets Remote Users Execute Arbitrary Commands
11843| [1026484] Apache Struts Bug Lets Remote Users Overwrite Files and Execute Arbitrary Code
11844| [1026477] Apache Tomcat Hash Table Collision Bug Lets Remote Users Deny Service
11845| [1026402] Apache Struts Conversion Error Lets Remote Users Inject Arbitrary Commands
11846| [1026353] Apache mod_proxy/mod_rewrite Bug Lets Remote Users Access Internal Servers
11847| [1026295] Apache Tomcat Lets Untrusted Web Applications Gain Elevated Privileges
11848| [1026267] Apache .htaccess File Integer Overflow Lets Local Users Execute Arbitrary Code
11849| [1026144] Apache mod_proxy Pattern Matching Bug Lets Remote Users Access Internal Servers
11850| [1026095] Apache Tomcat HTTP DIGEST Authentication Weaknesses Let Remote Users Conduct Bypass Attacks
11851| [1026054] Apache mod_proxy_ajp HTTP Processing Error Lets Remote Users Deny Service
11852| [1025993] Apache Tomcat AJP Protocol Processing Bug Lets Remote Users Bypass Authentication or Obtain Information
11853| [1025976] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
11854| [1025960] Apache httpd Byterange Filter Processing Error Lets Remote Users Deny Service
11855| [1025925] Apache Tomcat Commons Daemon jsvc Lets Local Users Gain Elevated Privileges
11856| [1025924] Apache Tomcat XML Validation Flaw Lets Applications Obtain Potentially Sensitive Information
11857| [1025788] Apache Tomcat Lets Malicious Applications Obtain Information and Deny Service
11858| [1025755] Apache Santuario Buffer Overflow Lets Remote Users Deny Service
11859| [1025712] Apache Tomcat Discloses Passwords to Local Users in Certain Cases
11860| [1025577] Apache Archiva Input Validation Hole Permits Cross-Site Scripting Attacks
11861| [1025576] Apache Archiva Request Validation Flaw Permits Cross-Site Request Forgery Attacks
11862| [1025527] Apache APR Library apr_fnmatch() Flaw Lets Remote Users Execute Arbitrary Code
11863| [1025303] Apache Tomcat HTTP BIO Connector Error Discloses Information From Different Requests to Remote Users
11864| [1025215] Apache Tomcat May Ignore @ServletSecurity Annotation Protections
11865| [1025066] Apache Continuum Input Validation Flaw Permits Cross-Site Request Forgery Attacks
11866| [1025065] Apache Continuum Input Validation Hole Permits Cross-Site Scripting Attacks
11867| [1025027] Apache Tomcat maxHttpHeaderSize Parsing Error Lets Remote Users Deny Service
11868| [1025026] Apache Tomcat Manager Input Validation Hole Permits Cross-Site Scripting Attacks
11869| [1025025] Apache Tomcat Security Manager Lets Local Users Bypass File Permissions
11870| [1024764] Apache Tomcat Manager Input Validation Hole in 'sessionList.jsp' Permits Cross-Site Scripting Attacks
11871| [1024417] Apache Traffic Server Insufficient Randomization Lets Remote Users Poison the DNS Cache
11872| [1024332] Apache mod_cache and mod_dav Request Processing Flaw Lets Remote Users Deny Service
11873| [1024180] Apache Tomcat 'Transfer-Encoding' Header Processing Flaw Lets Remote Users Deny Service and Obtain Potentially Sensitive Information
11874| [1024096] Apache mod_proxy_http May Return Results for a Different Request
11875| [1023942] Apache mod_proxy_ajp Error Condition Lets Remote Users Deny Service
11876| [1023941] Apache ap_read_request() Memory Error May Let Remote Users Access Potentially Sensitive Information
11877| [1023778] Apache ActiveMQ Input Validation Flaw Permits Cross-Site Scripting Attacks
11878| [1023701] Apache mod_isapi Error Processing Flaw May Let Remote Users Deny Service
11879| [1023533] Apache mod_proxy Integer Overflow May Let Remote Users Execute Arbitrary Code
11880| [1022988] Apache Solaris Support Code Bug Lets Remote Users Deny Service
11881| [1022529] Apache mod_deflate Connection State Bug Lets Remote Users Deny Service
11882| [1022509] Apache mod_proxy stream_reqbody_cl() Infinite Loop Lets Remote Users Deny Service
11883| [1022296] Apache IncludesNoExec Options Restrictions Can Be Bypass By Local Users
11884| [1022264] Apache mod_proxy_ajp Bug May Disclose Another User's Response Data
11885| [1022001] Apache Tomcat mod_jk May Disclose Responses to the Wrong User
11886| [1021988] mod_perl Input Validation Flaw in Apache::Status and Apache2::Status Permits Cross-Site Scripting Attacks
11887| [1021350] NetWare Bug Lets Remote Users Access the ApacheAdmin Console
11888| [1020635] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
11889| [1020520] Oracle WebLogic Apache Connector Lets Remote Users Execute Arbitrary Code
11890| [1020267] Apache mod_proxy Interim Response Process Bug Lets Remote Users Deny Service
11891| [1019784] Apache-SSL Certificate Processing Bug May Let Remote Users View Portions of Kernel Memory
11892| [1019256] Apache mod_negotiation Input Validation Hole Permits Cross-Site Scripting Attacks
11893| [1019194] Apache Input Validation Hole in Mod_AutoIndex When the Character Set is Undefined May Permit Cross-Site Scripting Attacks
11894| [1019185] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
11895| [1019154] Apache Input Validation Hole in mod_status Permits Cross-Site Scripting Attacks
11896| [1019093] Apache Input Validation Hole in mod_imap Permits Cross-Site Scripting Attacks
11897| [1019030] Apache Input Validation Hole in Default HTTP 413 Error Page Permits Cross-Site Scripting Attacks
11898| [1018633] Apache mod_proxy Bug Lets Remote Users Deny Service
11899| [1018304] Apache HTTPD scoreboard Protection Flaw Lets Local Users Terminate Arbitrary Processes
11900| [1018303] Apache HTTPD mod_cache May Let Remote Users Deny Service
11901| [1018302] Apache mod_status Input Validation Hole Permits Cross-Site Scripting Attacks
11902| [1018269] Apache Tomcat Input Validation Hole in Processing Accept-Language Header Permits Cross-Site Scripting Attacks
11903| [1017904] Apache suEXEC Bugs May Let Local Users Gain Elevated Privileges
11904| [1017719] Apache Tomcat JK Web Server Connector Buffer Overflow in map_uri_to_worker() Lets Remote Users Execute Arbitrary Code
11905| [1017062] Apache mod_tcl Format String Bug in set_var() Function May Let Remote Users Execute Arbitrary Code
11906| [1016601] Apache mod_rewrite Off-by-one Error Lets Remote Users Execute Arbitrary Code
11907| [1016576] Apache Tomcat Discloses Directory Listings to Remote Users
11908| [1015447] Apache mod_ssl Null Pointer Dereference May Let Remote Users Deny Service
11909| [1015344] Apache mod_imap Input Validation Flaw in Referer Field Lets Remote Users Conduct Cross-Site Scripting Attacks
11910| [1015093] Apache Memory Leak in MPM 'worker.c' Code May Let Remote Users Deny Service
11911| [1014996] ApacheTop Unsafe Temporary File May Let Local Users Gain Elevated Privileges
11912| [1014833] Apache ssl_hook_Access() Function May Fail to Verify Client Certificates
11913| [1014826] Apache Memory Leak in 'byterange filter' Lets Remote Users Deny Service
11914| [1014575] Apache mod_ssl Off-by-one Buffer Overflow in Processing CRLs May Let Remote Users Deny Service
11915| [1014323] Apache Chunked Transfer-Encoding and Content-Length Processing Lets Remote Users Smuggle HTTP Requests
11916| [1013156] Apache mod_python Publisher Handler Discloses Information to Remote Users
11917| [1012829] Apache mod_auth_radius radcpy() Integer Overflow Lets Remote Users Deny Service in Certain Cases
11918| [1012416] Apache on Apple OS X Lets Remote Users Bypass Apache File Handlers and Directly Access Files
11919| [1012415] Apache on Apple HFS+ Filesystems May Disclose '.DS_Store' Files to Remote Users
11920| [1012414] Apache mod_digest_apple Lets Remote Users Replay Authentication Credentials
11921| [1012083] Apache Web Server Error in Processing Requests With Many Space Characters Lets Remote Users Deny Service
11922| [1011783] Apache mod_include Buffer Overflow Lets Local Users Execute Arbitrary Code
11923| [1011557] Apache mod_ssl SSLCipherSuite Directive Can By Bypassed in Certain Cases
11924| [1011385] Apache Satsify Directive Error May Let Remote Users Access Restricted Resources
11925| [1011340] Apache SSL Connection Abort State Error Lets Remote Users Deny Service
11926| [1011303] Apache ap_resolve_env() Buffer Overflow in Reading Configuration Files May Let Local Users Gain Elevated Privileges
11927| [1011299] Apache IPv6 Address Parsing Flaw May Let Remote Users Deny Service
11928| [1011248] Apache mod_dav LOCK Method Error May Let Remote Users Deny Service
11929| [1011213] Apache mod_ssl Can Be Crashed By Remote Users When Reverse Proxying SSL Connections
11930| [1010674] Apache Can Be Crashed By PHP Code Invoking Nested Remote Sockets
11931| [1010599] Apache httpd Header Line Memory Allocation Lets Remote Users Crash the Server
11932| [1010462] Apache mod_proxy Buffer Overflow May Let Remote Users Execute Arbitrary Code
11933| [1010322] Apache mod_ssl Stack Overflow in ssl_util_uuencode_binary() May Let Remote Users Execute Arbitrary Code
11934| [1010270] cPanel Apache mod_phpsuexec Options Let Local Users Gain Elevated Privileges
11935| [1009934] Apache Web Server Has Buffer Overflow in ebcdic2ascii() on Older Processor Architectures
11936| [1009516] Apache mod_survey HTML Report Format Lets Remote Users Conduct Cross-Site Scripting Attacks
11937| [1009509] Apache mod_disk_cache Stores Authentication Credentials on Disk
11938| [1009495] Apache Web Server Socket Starvation Flaw May Let Remote Users Deny Service
11939| [1009417] GroupWise WebAccess With Apache on NetWare Has Configuration Flaw That May Grant Web Access to Remote Users
11940| [1009338] Apache mod_access Parsing Flaw May Fail to Enforce Allow/Deny Rules
11941| [1009337] Apache mod_ssl Memory Leak Lets Remote Users Crash the Daemon
11942| [1009182] Apache for Cygwin '..%5C' Input Validation Flaw Discloses Files to Remote Users
11943| [1008973] PHP May Apply Incorrect php_admin_* Settings To Requests for Apache Virtual Hosts
11944| [1008967] Apache-SSL 'SSLFakeBasicAuth' Lets Remote Users Forge Client Certificates to Be Authenticated
11945| [1008920] Apache mod_digest May Validate Replayed Client Responses
11946| [1008828] Apache mod_python String Processing Bug Still Lets Remote Users Crash the Web Server
11947| [1008822] Apache mod_perl File Descriptor Leak May Let Local Users Hijack the http and https Services
11948| [1008675] mod_auth_shadow Apache Module Authenticates Expired Passwords
11949| [1008559] Apache mod_php File Descriptor Leak May Let Local Users Hijack the https Service
11950| [1008335] Apache mod_python String Processing Bug Lets Remote Users Crash the Web Server
11951| [1008196] Apache 2.x on Windows May Return Unexpected Files For URLs Ending With Certain Characters
11952| [1008030] Apache mod_rewrite Contains a Buffer Overflow
11953| [1008029] Apache mod_alias Contains a Buffer Overflow
11954| [1008028] Apache mod_cgid May Disclose CGI Output to Another Client
11955| [1007995] Apache Cocoon Forms May Let Remote Users Execute Arbitrary Java Code on the System
11956| [1007993] Apache Cocoon 'view-source' Sample Script Discloses Files to Remote Users
11957| [1007823] Apache Web Server mod_cgi Error May Let Malicious CGI Scripts Crash the Web Service
11958| [1007664] Apache::Gallery Unsafe Temporary Files May Let Local Users Gain Apache Web Server Privileges
11959| [1007557] Apache Web Server Does Not Filter Terminal Escape Sequences From Log Files
11960| [1007230] Apache HTTP Server 'rotatelogs' Bug on Win32 and OS/2 May Cause the Logging to Stop
11961| [1007146] Apache HTTP Server FTP Proxy Bug May Cause Denial of Service Conditions
11962| [1007145] Apache 'accept()' Errors May Cause Denial of Service Conditions
11963| [1007144] Apache Web Server 'type-map' File Error Permits Local Denial of Service Attacks
11964| [1007143] Apache 2.0 Web Server May Use a Weaker Encryption Implementation Than Specified in Some Cases
11965| [1006864] Apache Web Server Can Be Crashed By Remote Users Via mod_dav Flaws and Also Via Basic Authentication
11966| [1006709] Apache mod_survey Input Validation Flaw Lets Remote Users Fill Up Disk Space
11967| [1006614] Apache mod_ntlm Buffer Overflow and Format String Flaw Let Remote Users Execute Arbitary Code
11968| [1006591] Apache mod_access_referer Module Null Pointer Dereference May Faciliate Denial of Service Attacks
11969| [1006444] Apache 2.0 Web Server Line Feed Buffer Allocation Flaw Lets Remote Users Deny Service
11970| [1006021] Apache Tomcat Server URL Parsing Error May Disclose Otherwise Inaccessible Web Directory Listings and Files to Remote Users
11971| [1005963] Apache Web Server 2.x Windows Device Access Flaw Lets Remote Users Crash the Server or Possibly Execute Arbitrary Code
11972| [1005962] Apache Web Server Path Parsing Flaw May Allow Remote Users to Execute Code in Certain Configurations
11973| [1005848] Apache 'printenv' Script Input Validation Bugs in Older Versions May Let Remote Users Conduct Cross-Site Scripting Attacks
11974| [1005765] Apache mod_jk Module Processing Bug When Used With Tomcat May Disclose Information to Remote Users or Crash
11975| [1005548] Apache mod_php Module May Allow Local Users to Gain Control of the Web Port
11976| [1005499] Apache Web Server (2.0.42) May Disclose CGI Source Code to Remote Users When Used With WebDAV
11977| [1005410] Apache Tomcat Java Servlet Engine Can Be Crashed Via Multiple Requests for DOS Device Names
11978| [1005351] Apache Web Server (1.3.x) Shared Memory Scoreboard Bug Lets Certain Local Users Issue Signals With Root Privileges
11979| [1005331] Apache Web Server (2.x) SSI Server Signature Filtering Hole Lets Remote Users Conduct Cross-Site Scripting Attacks
11980| [1005290] Apache Tomcat Java Server Default Servlet Returns JSP Source Code to Remote Users
11981| [1005285] Apache Web Server 'mod_dav' Has Null Pointer Bug That May Allow Remote Users to Cause Denial of Service Conditions
11982| [1005010] Apache Web Server (2.0) Has Unspecified Flaw That Allows Remote Users to Obtain Sensitive Data and Cause Denial of Service Conditions
11983| [1004770] Apache 2.x Web Server ap_log_rerror() Function May Disclose Full Installation Path to Remote Users
11984| [1004745] Apache Tomcat Java Server Allows Cross-Site Scripting Attacks
11985| [1004636] Apache mod_ssl 'Off-by-One' Bug May Let Local Users Crash the Web Server or Possibly Execute Arbitrary Code
11986| [1004602] Apache Tomcat Java Server for Windows Can Be Crashed By Remote Users Sending Malicious Requests to Hang All Available Working Threads
11987| [1004586] Apache Tomcat Java Server May Disclose the Installation Path to Remote Users
11988| [1004555] Apache Web Server Chunked Encoding Flaw May Let Remote Users Execute Arbitrary Code on the Server
11989| [1004209] Apache 'mod_python' Python Language Interpreter Bug in Publisher Handler May Allow Remote Users to Modify Files on the System
11990| [1003874] Apache Web Server for Windows Has Batch File Processing Hole That Lets Remote Users Execute Commands on the System
11991| [1003767] 'mod_frontpage' Module for Apache Web Server Has Buffer Overlow in 'fpexec.c' That Allows Remote Users to Execute Arbitrary Code on the System with Root Privileges
11992| [1003723] Apache-SSL for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
11993| [1003664] 'mod_ssl' Security Package for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
11994| [1003602] GNUJSP Java Server Pages Implementation Discloses Web Files and Source Code to Remote Users and Bypasses Apache Access Control Restrictions
11995| [1003465] PHP for Apache Web Server May Disclose Installation Path Information to Remote Users Making 'OPTIONS' Requests
11996| [1003451] Oracle Application Server PL/SQL Module for Apache Has Buffer Overflows That Allow Remote Users to Execute Arbitrary Code and Gain Access to the Server
11997| [1003131] Apache Web Server in Virtual Hosting Mode Can Be Crashed By a Local User Removing a Log Directory
11998| [1003104] PHP.EXE Windows CGI for Apache Web Server May Let Remote Users View Files on the Server Due to Configuration Error
11999| [1003008] Apache 'mod_bf' Module Lets Remote Users Execute Arbitrary Code
12000| [1002629] Apache suEXEC Wrapper Fails to Observe Minimum Group ID Security Settings in Certain Situations
12001| [1002542] Apache Web Server Virtual Hosting Split-Logfile Function Lets Remote Users Write Log Entries to Arbitrary Files on the System
12002| [1002400] Apache mod_gzip Module Has Buffer Overflow That Can Be Exploited By Local Users to Gain Elevated Privileges
12003| [1002303] Several 3rd Party Apache Authentication Modules Allow Remote Users to Execute Arbitrary Code to Gain Access to the System or Execute Stored Procedures to Obtain Arbitrary Database Information
12004| [1002188] Apache Web Server Discloses Internal IP Addresses to Remote Users in Certain Configurations
12005| [1001989] Apache Web Server May Disclose Directory Contents Even If an Index.html File is Present in the Directory
12006| [1001719] Apache Web Server on Mac OS X Client Fails to Enforce File and Directory Access Protections, Giving Remote Users Access to Restricted Pages
12007| [1001572] Apache Web Server on Microsoft Windows Platforms Allows Remote Users to Crash the Web Server
12008| [1001304] Apache Web Server for Windows Lets Remote Users Crash the Web Server Application
12009| [1001083] Apache Web Server May Display Directory Index Listings Even if Directory Listings Are Disabled
12010|
12011| OSVDB - http://www.osvdb.org:
12012| [96078] Apache CloudStack Infrastructure Menu Setup Network Multiple Field XSS
12013| [96077] Apache CloudStack Global Settings Multiple Field XSS
12014| [96076] Apache CloudStack Instances Menu Display Name Field XSS
12015| [96075] Apache CloudStack Instances Menu Add Instances Network Name Field XSS
12016| [96074] Apache CloudStack Instances Menu Add Instances Review Step Multiple Field XSS
12017| [96031] Apache HTTP Server suEXEC Symlink Arbitrary File Access
12018| [95888] Apache Archiva Single / Double Quote Character Handling XSS Weakness
12019| [95885] Apache Subversion mod_dav_svn Module Crafted HTTP Request Handling Remote DoS
12020| [95706] Apache OpenOffice.org (OOo) OOXML Document File XML Element Handling Memory Corruption
12021| [95704] Apache OpenOffice.org (OOo) DOC File PLCF Data Handling Memory Corruption
12022| [95603] Apache Continuum web/util/GenerateRecipentNotifier.java recipient Parameter XSS
12023| [95602] Apache Continuum web/action/notifier/JabberProjectNotifierEditAction-jabberProjectNotifierSave-validation.xml Multiple Parameter XSS
12024| [95601] Apache Continuum web/action/notifier/JabberGroupNotifierEditAction-jabberProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
12025| [95600] Apache Continuum web/action/ScheduleAction-saveSchedule-validation.xml Multiple Parameter XSS
12026| [95599] Apache Continuumweb/action/BuildDefinitionAction-saveBuildDefinition-validation.xml Multiple Parameter XSS
12027| [95598] Apache Continuum web/action/AddProjectAction-addProject-validation.xml Multiple Parameter XSS
12028| [95597] Apache Continuum web/action/ProjectEditAction-projectSave-validation.xml Multiple Parameter XSS
12029| [95596] Apache Continuum web/action/notifier/IrcGroupNotifierEditAction-ircProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
12030| [95595] Apache Continuum web/action/notifier/IrcProjectNotifierEditAction-ircProjectNotifierSave-validation.xml Multiple Parameter XSS
12031| [95594] Apache Continuum web/action/ProjectGroupAction.java Multiple Parameter XSS
12032| [95593] Apache Continuum web/action/AddProjectGroupAction.java Multiple Parameter XSS
12033| [95592] Apache Continuum web/action/AddProjectAction.java Multiple Parameter XSS
12034| [95523] Apache OFBiz Webtools Application View Log Screen Unspecified XSS
12035| [95522] Apache OFBiz Nested Expression Evaluation Arbitrary UEL Function Execution
12036| [95521] Apache HTTP Server mod_session_dbd Session Saving Unspecified Issue
12037| [95498] Apache HTTP Server mod_dav.c Crafted MERGE Request Remote DoS
12038| [95406] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Arbitrary Site Redirect
12039| [95405] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Remote Code Execution
12040| [95011] Apache CXF XML Parser SOAP Message Handling CPU Resource Exhaustion Remote DoS
12041| [94705] Apache Geronimo RMI Classloader Exposure Serialized Object Handling Remote Code Execution
12042| [94651] Apache Santuario (XML Security for C++) XML Signature CanonicalizationMethod Parameter Spoofing Weakness
12043| [94636] Apache Continuum workingCopy.action userDirectory Traversal Arbitrary File Access
12044| [94635] Apache Maven SCM SvnCommandlineUtils Process Listing Local Password Disclosure
12045| [94632] Apache Maven Wagon SSH (wagon-ssh) Host Verification Failure MitM Weakness
12046| [94625] Apache Santuario (XML Security for C++) XML Signature Reference Crafted XPointer Expression Handling Heap Buffer Overflow
12047| [94618] Apache Archiva /archiva/security/useredit.action username Parameter XSS
12048| [94617] Apache Archiva /archiva/security/roleedit.action name Parameter XSS
12049| [94616] Apache Archiva /archiva/security/userlist!show.action roleName Parameter XSS
12050| [94615] Apache Archiva /archiva/deleteArtifact!doDelete.action groupId Parameter XSS
12051| [94614] Apache Archiva /archiva/admin/addLegacyArtifactPath!commit.action legacyArtifactPath.path Parameter XSS
12052| [94613] Apache Archiva /archiva/admin/addRepository.action Multiple Parameter XSS
12053| [94612] Apache Archiva /archiva/admin/editAppearance.action Multiple Parameter XSS
12054| [94611] Apache Archiva /archiva/admin/addLegacyArtifactPath.action Multiple Parameter XSS
12055| [94610] Apache Archiva /archiva/admin/addNetworkProxy.action Multiple Parameter XSS
12056| [94403] Apache Santuario (XML Security for C++) InclusiveNamespace PrefixList Processing Heap Overflow
12057| [94402] Apache Santuario (XML Security for C++) HMAC-based XML Signature Processing DoS
12058| [94401] Apache Santuario (XML Security for C++) XPointer Evaluation Stack Overflow
12059| [94400] Apache Santuario (XML Security for C++) HMAC-Based XML Signature Reference Element Validation Spoofing Weakness
12060| [94279] Apache Qpid CA Certificate Validation Bypass
12061| [94275] Apache Solr JettySolrRunner.java Can Not Find Error Message XSS
12062| [94233] Apache OpenJPA Object Deserialization Arbitrary Executable Creation
12063| [94042] Apache Axis JAX-WS Java Unspecified Exposure
12064| [93969] Apache Struts OGNL Expression Handling Double Evaluation Error Remote Command Execution
12065| [93796] Apache Subversion Filename Handling FSFS Repository Corruption Remote DoS
12066| [93795] Apache Subversion svnserve Server Aborted Connection Message Handling Remote DoS
12067| [93794] Apache Subversion contrib/hook-scripts/check-mime-type.pl svnlook Hyphenated argv Argument Handling Remote DoS
12068| [93793] Apache Subversion contrib/hook-scripts/svn-keyword-check.pl Filename Handling Remote Command Execution
12069| [93646] Apache Struts Crafted Parameter Arbitrary OGNL Code Execution
12070| [93645] Apache Struts URL / Anchor Tag includeParams Attribute Remote Command Execution
12071| [93636] Apache Pig Multiple Physical Operator Memory Exhaustion Remote Remote DoS
12072| [93635] Apache Wink DTD (Document Type Definition) Expansion Data Parsing Information Disclosure
12073| [93605] RT Apache::Session::File Session Replay Reuse Information Disclosure
12074| [93599] Apache Derby SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY Boot Password Manipulation Re-encryption Failure Password Corruption
12075| [93555] Apache Commons Codec Invalid Base32 String Information Tunneling Weakness
12076| [93554] Apache HBase bulkLoadHFiles() Method ACL Bypass
12077| [93543] JBoss Enterprise Application Platform org.apache.catalina.connector.Response.encodeURL() Method MitM jsessionid Disclosure
12078| [93542] Apache ManifoldCF (Connectors Framework) org.apache.manifoldcf.crawler.ExportConfiguration Class Configuration Export Password Disclosure
12079| [93541] Apache Solr json.wrf Callback XSS
12080| [93524] Apache Hadoop GetSecurityDescriptorControl() Function Absolute Security Descriptor Handling NULL Descriptor Weakness
12081| [93521] Apache jUDDI Security API Token Session Persistence Weakness
12082| [93520] Apache CloudStack Default SSL Key Weakness
12083| [93519] Apache Shindig /ifr Cross-site Arbitrary Gadget Invocation
12084| [93518] Apache Solr /admin/analysis.jsp name Parameter XSS
12085| [93517] Apache CloudStack setup-cloud-management /etc/sudoers Modification Local Privilege Escalation
12086| [93516] Apache CXF UsernameTokenInterceptor Nonce Caching Replay Weakness
12087| [93515] Apache HBase table.jsp name Parameter XSS
12088| [93514] Apache CloudStack Management Server Unauthenticated Remote JMX Connection Default Setting Weakness
12089| [93463] Apache Struts EL / OGNL Interpretation Unspecified Remote Code Execution
12090| [93462] Apache CXF WS-SecurityPolicy AlgorithmSuite Arbitrary Ciphertext Decryption Weakness
12091| [93401] Apache Hadoop core-site.xml Permission Weakness Local Alfredo Secret Disclosure
12092| [93400] Apache Hadoop Map/Reduce Job Log Directory Symlink Arbitrary File Mode Manipulation
12093| [93397] Apache Wicket Referrer HTTP Header Session ID Disclosure
12094| [93366] Apache HTTP Server modules/mappers/mod_rewrite.c do_rewritelog() Function Log File Terminal Escape Sequence Filtering Remote Command Execution
12095| [93254] Apache Tomcat AsyncListener Method Cross-session Information Disclosure
12096| [93253] Apache Tomcat Chunked Transfer Encoding Data Saturation Remote DoS
12097| [93252] Apache Tomcat FORM Authenticator Session Fixation
12098| [93172] Apache Camel camel/endpoints/ Endpoint XSS
12099| [93171] Apache Sling HtmlResponse Error Message XSS
12100| [93170] Apache Directory DelegatingAuthenticator MitM Spoofing Weakness
12101| [93169] Apache Wave AuthenticationServlet.java Session Fixation Weakness
12102| [93168] Apache Click ErrorReport.java id Parameter XSS
12103| [93167] Apache ActiveMQ JMSXUserId Spoofing Weakness
12104| [93166] Apache CXF Crafted Message Element Count Handling System Resource Exhaustion Remote DoS
12105| [93165] Apache CXF Crafted Message Element Level Handling System Resource Exhaustion Remote DoS
12106| [93164] Apache Harmony DatagramSocket Class connect Method CheckAccept() IP Blacklist Bypass
12107| [93163] Apache Hadoop Map/Reduce Daemon Symlink Arbitrary File Overwrite
12108| [93162] Apache VelocityStruts struts/ErrorsTool.getMsgs Error Message XSS
12109| [93161] Apache CouchDB Rewriter VM Atom Table Memory Exhaustion Remote DoS
12110| [93158] Apache Wicket BookmarkablePageLink Feature XSS CSRF
12111| [93157] Apache Struts UrlHelper.java s:url includeParams Functionality XSS
12112| [93156] Apache Tapestry Calendar Component datefield.js datefield Parameter XSS
12113| [93155] Apache Struts fielderror.ftl fielderror Parameter Error Message XSS
12114| [93154] Apache JSPWiki Edit.jsp createPages WikiPermission Bypass
12115| [93153] Apache PDFBox PDFXrefStreamParser Missing Element Handling PDF Parsing DoS
12116| [93152] Apache Hadoop HttpServer.java Multiple Function XSS
12117| [93151] Apache Shiro Search Filter userName Parameter LDAP Code Injection Weakness
12118| [93150] Apache Harmony java.net.SocketPermission Class boolean equals Function checkConnect() Weakness Host Name Retrieval
12119| [93149] Apache Harmony java.security.Provider Class void load Function checkSecurityAccess() Weakness
12120| [93148] Apache Harmony java.security.ProtectionDomain Class java.lang.String.toString() Function checkPermission() Weakness
12121| [93147] Apache Harmony java.net.URLConnection openConnection Function checkConnect Weakness Proxy Connection Permission Bypass
12122| [93146] Apache Harmony java.net.ServerSocket Class void implAccept Function checkAccept() Weakness SerSocket Subclass Creation
12123| [93145] Apache Qpid JMS Client Detached Session Frame Handling NULL Pointer Dereference Remote DoS
12124| [93144] Apache Solr Admin Command Execution CSRF
12125| [93009] Apache VCL XMLRPC API Unspecified Function Remote Privilege Escalation
12126| [93008] Apache VCL Web GUI Unspecified Remote Privilege Escalation
12127| [92997] Apache Commons Codec org.apache.commons.codec.net.URLCodec Fields Missing 'final' Thread-safety Unspecified Issue
12128| [92976] Apache ActiveMQ scheduled.jsp crontab Command XSS
12129| [92947] Apache Commons Codec org.apache.commons.codec.language.Soundex.US_ENGLISH_MAPPING Missing MS_PKGPROTECT Field Manipulation Unspecified Issue
12130| [92749] Apache CloudStack Predictable Hash Virtual Machine Console Console Access URL Generation
12131| [92748] Apache CloudStack VM Console Access Restriction Bypass
12132| [92709] Apache ActiveMQ Web Console Unauthenticated Remote Access
12133| [92708] Apache ActiveMQ Sample Web Application Broker Resource Consumption Remote DoS
12134| [92707] Apache ActiveMQ webapp/websocket/chat.js Subscribe Message XSS
12135| [92706] Apache ActiveMQ Debug Log Rendering XSS
12136| [92705] Apache ActiveMQ PortfolioPublishServlet.java refresh Parameter XSS
12137| [92270] Apache Tomcat Unspecified CSRF
12138| [92094] Apache Subversion mod_dav_svn Module Nonexistent URL Lock Request Handling NULL Pointer Dereference Remote DoS
12139| [92093] Apache Subversion mod_dav_svn Module Activity URL PROPFIND Request Handling NULL Pointer Dereference Remote DoS
12140| [92092] Apache Subversion mod_dav_svn Module Log REPORT Request Handling NULL Pointer Dereference Remote DoS
12141| [92091] Apache Subversion mod_dav_svn Module Node Property Handling Resource Exhaustion Remote DoS
12142| [92090] Apache Subversion mod_dav_svn Module Activity URL Lock Request Handling NULL Pointer Dereference Remote DoS
12143| [91774] Apache Commons Codec Unspecified Non-private Field Manipulation Weakness
12144| [91628] mod_ruid2 for Apache HTTP Server fchdir() Inherited File Descriptor chroot Restriction Bypass
12145| [91328] Apache Wicket $up$ Traversal Arbitrary File Access
12146| [91295] Apple Mac OS X Apache Unicode Character URI Handling Authentication Bypass
12147| [91235] Apache Rave /app/api/rpc/users/get User Object Hashed Password Remote Disclosure
12148| [91185] Munin Default Apache Configuration Permission Weakness Remote Information Disclosure
12149| [91173] Apache Wicket WebApplicationPath Constructor Bypass /WEB-INF/ Directory File Access
12150| [91172] Apache Wicket PackageResourceGuard File Extension Filter Bypass
12151| [91025] Apache Qpid qpid::framing::Buffer Class Multiple Method Out-of-bounds Access Remote DoS
12152| [91024] Apache Qpid federation_tag Attribute Handling Federated Interbroker Link Access Restriction Bypass
12153| [91023] Apache Qpid AMQP Type Decoder Exposure Array Size Value Handling Memory Consumption Remote DoS
12154| [91022] Apache Qpid qpid/cpp/include/qpid/framing/Buffer.h qpid::framing::Buffer::checkAvailable() Function Integer Overflow
12155| [90986] Apache Jena ARQ INSERT DATA Request Handling Overflow
12156| [90907] Apache Subversion mod_dav_svn / libsvn_fs svn_fs_file_length() Function MKACTIVITY / PROPFIND Option Request Handling Remote DoS
12157| [90906] Apache Commons FileUpload /tmp Storage Symlink Arbitrary File Overwrite
12158| [90864] Apache Batik 1xx Redirect Script Origin Restriction Bypass
12159| [90858] Apache Ant Malformed TAR File Handling Infinite Loop DoS
12160| [90852] Apache HTTP Server for Debian apachectl /var/lock Permission Weakness Symlink Directory Permission Manipulation
12161| [90804] Apache Commons CLI Path Subversion Local Privilege Escalation
12162| [90802] Apache Avro Recursive Schema Handling Infinite Recursion DoS
12163| [90592] Apache Batik ApplicationSecurityEnforcer.java Multiple Method Security Restriction Bypass
12164| [90591] Apache Batik XML External Entity (XXE) Data Parsing Arbitrary File Disclosure
12165| [90565] Apache Tomcat Log Directory Permission Weakness Local Information Disclosure
12166| [90564] Apache Maven / Maven Wagon SSL Certificate Validation MitM Spoofing Weakness
12167| [90557] Apache HTTP Server mod_proxy_balancer balancer-manager Interface Multiple Parameter XSS
12168| [90556] Apache HTTP Server Multiple Module Multiple Parameter XSS
12169| [90276] Apache Axis2 axis2.xml Plaintext Password Local Disclosure
12170| [90249] Apache Axiom ClassLoader XMLInputFactory / XMLOutputFactory Construction Unspecified Issue
12171| [90235] Apache Commons HttpClient Certificate Wildcard Matching Weakness
12172| [90079] Apache CXF WSS4JInInterceptor URIMappingInterceptor WS-Security SOAP Service Access Restriction Bypass
12173| [90078] Apache CXF WS-SecurityPolicy Enabled Plaintext UsernameTokens Handling Authentication Bypass
12174| [89453] Apache Open For Business Project (OFBiz) Screenlet.title Widget Attribute XSS
12175| [89452] Apache Open For Business Project (OFBiz) Image.alt Widget Attribute XSS
12176| [89294] Apache CouchDB Futon UI Browser-based Test Suite Query Parameter XSS
12177| [89293] Apache CouchDB Unspecified Traversal Arbitrary File Access
12178| [89275] Apache HTTP Server mod_proxy_ajp Module Expensive Request Parsing Remote DoS
12179| [89267] Apache CouchDB JSONP Callback Handling Unspecified XSS
12180| [89146] Apache CloudStack Master Server log4j.conf SSH Private Key / Plaintext Password Disclosure
12181| [88603] Apache OpenOffice.org (OOo) Unspecified Information Disclosure
12182| [88602] Apache OpenOffice.org (OOo) Unspecified Manifest-processing Issue
12183| [88601] Apache OpenOffice.org (OOo) Unspecified PowerPoint File Handling Issue
12184| [88285] Apache Tomcat Partial HTTP Request Saturation Remote DoS
12185| [88095] Apache Tomcat NIO Connector Terminated Connection Infinte Loop DoS
12186| [88094] Apache Tomcat FORM Authentication Crafted j_security_check Request Security Constraint Bypass
12187| [88093] Apache Tomcat Null Session Requst CSRF Prevention Filter Bypass
12188| [88043] IBM Tivoli Netcool/Reporter Apache CGI Unspecified Remote Command Execution
12189| [87580] Apache Tomcat DIGEST Authentication Session State Caching Authentication Bypass Weakness
12190| [87579] Apache Tomcat DIGEST Authentication Stale Nonce Verification Authentication Bypass Weakness
12191| [87477] Apache Tomcat Project Woodstock Service Error Page UTF-7 XSS Weakness
12192| [87227] Apache Tomcat InternalNioInputBuffer.java parseHeaders() Function Request Header Size Parsing Remote DoS
12193| [87223] Apache Tomcat DIGEST Authentication replay-countermeasure Functionality cnonce / cn Verification Authentication Bypass Weakness
12194| [87160] Apache Commons HttpClient X.509 Certificate Domain Name Matching MiTM Weakness
12195| [87159] Apache CXF X.509 Certificate Domain Name Matching MiTM Weakness
12196| [87150] Apache Axis / Axis2 X.509 Certificate Domain Name Matching MiTM Weakness
12197| [86902] Apache HTTP Server 3xx Redirect Internal IP Address Remote Disclosure
12198| [86901] Apache Tomcat Error Message Path Disclosure
12199| [86684] Apache CloudStack Unauthorized Arbitrary API Call Invocation
12200| [86556] Apache Open For Business Project (OFBiz) Unspecified Issue
12201| [86503] Visual Tools VS home/apache/DiskManager/cron/init_diskmgr Local Command Execution
12202| [86401] Apache ActiveMQ ResourceHandler Traversal Arbitrary File Access
12203| [86225] Apache Axis2 XML Signature Wrapping (XSW) Authentication Bypass
12204| [86206] Apache Axis2 Crafted SAML Assertion Signature Exclusion Attack Authentication Bypass
12205| [85722] Apache CXF SOAP Request Parsing Access Restriction Bypass
12206| [85704] Apache Qpid Incoming Client Connection Saturation Remote DoS
12207| [85474] Eucalyptus Apache Santuario (XML Security for Java) Library XML Signature Transform Handling DoS
12208| [85430] Apache mod_pagespeed Module Unspecified XSS
12209| [85429] Apache mod_pagespeed Module Hostname Verification Cross-host Resource Disclosure
12210| [85249] Apache Wicket Unspecified XSS
12211| [85236] Apache Hadoop conf/hadoop-env.sh Temporary File Symlink Arbitrary File Manipulation
12212| [85090] Apache HTTP Server mod_proxy_ajp.c mod_proxy_ajp Module Proxy Functionality Cross-client Information Disclosure
12213| [85089] Apache HTTP Server mod_proxy_http.c mod_proxy_http Module Cross-client Information Disclosure
12214| [85062] Apache Solr Autocomplete Module for Drupal Autocomplete Results XSS
12215| [85010] Apache Struts Token Handling Mechanism Token Name Configuration Parameter CSRF Weakness
12216| [85009] Apache Struts Request Parameter OGNL Expression Parsing Remote DoS
12217| [84911] libapache2-mod-rpaf X-Forward-For HTTP Header Parsing Remote DoS
12218| [84823] Apache HTTP Server Multiple Module Back End Server Error Handling HTTP Request Parsing Remote Information Disclosure
12219| [84818] Apache HTTP Server mod_negotiation Module mod_negotiation.c make_variant_list Function XSS
12220| [84562] Apache Qpid Broker Authentication Mechanism AMQP Client Shadow Connection NullAuthenticator Request Parsing Authentication Bypass
12221| [84458] Apache Libcloud SSL Certificate Validation MitM Spoofing Weakness
12222| [84279] PHP on Apache php_default_post_reader POST Request Handling Overflow DoS
12223| [84278] PHP w/ Apache PDO::ATTR_DEFAULT_FETCH_MODE / PDO::FETCH_CLASS DoS
12224| [84231] Apache Hadoop DataNodes Client BlockTokens Arbitrary Block Access
12225| [83943] Oracle Solaris Cluster Apache Tomcat Agent Subcomponent Unspecified Local Privilege Escalation
12226| [83939] Oracle Solaris Apache HTTP Server Subcomponent Unspecified Remote Information Disclosure
12227| [83685] svnauthcheck Apache HTTP Configuration File Permission Revocation Weakness
12228| [83682] Apache Sling POST Servlet @CopyFrom Operation HTTP Request Parsing Infinite Loop Remote DoS
12229| [83339] Apache Roller Blogger Roll Unspecified XSS
12230| [83270] Apache Roller Unspecified Admin Action CSRF
12231| [82782] Apache CXF WS-SecurityPolicy 1.1 SupportingToken Policy Bypass
12232| [82781] Apache CXF WS-SecurityPolicy Supporting Token Children Specification Token Signing Verification Weakness
12233| [82611] cPanel Apache Piped Log Configuration Log Message Formatting Traversal Arbitrary File Creation
12234| [82436] MapServer for Windows Bundled Apache / PHP Configuration Local File Inclusion
12235| [82215] PHP sapi/cgi/cgi_main.c apache_request_headers Function HTTP Header Handling Remote Overflow
12236| [82161] Apache Commons Compress bzip2 File Compression BZip2CompressorOutputStream Class File Handling Remote DoS
12237| [81965] Apache Batik Squiggle SVG Browser JAR File Arbitrary Code Execution
12238| [81790] Apache POI src/org/apache/poi/hwpf/model/UnhandledDataStructure.java UnhandledDataStructure() constructor Length Attribute CDF / CFBF File Handling Remote DoS
12239| [81660] Apache Qpid Credential Checking Cluster Authentication Bypass
12240| [81511] Apache for Debian /usr/share/doc HTTP Request Parsing Local Script Execution
12241| [81359] Apache HTTP Server LD_LIBRARY_PATH Variable Local Privilege Escalation
12242| [81349] Apache Open For Business Project (OFBiz) Webslinger Component Unspecified XSS
12243| [81348] Apache Open For Business Project (OFBiz) Content IDs / Map-Keys Unspecified XSS
12244| [81347] Apache Open For Business Project (OFBiz) Parameter Arrays Unspecified XSS
12245| [81346] Apache Open For Business Project (OFBiz) checkoutProcess.js getServerError() Function Unspecified XSS
12246| [81196] Apache Open For Business Project (OFBiz) FlexibleStringExpander Nested Script String Parsing Remote Code Execution
12247| [80981] Apache Hadoop Kerberos/MapReduce Security Feature User Impersonation Weakness
12248| [80571] Apache Traffic Server Host HTTP Header Parsing Remote Overflow
12249| [80547] Apache Struts XSLTResult.java File Upload Arbitrary Command Execution
12250| [80360] AskApache Password Protector Plugin for WordPress Error Page $_SERVER Superglobal XSS
12251| [80349] Apache HTTP Server mod_fcgid Module fcgid_spawn_ctl.c FcgidMaxProcessesPerClass Virtual Host Directive HTTP Request Parsing Remote DoS
12252| [80301] Apache Wicket /resources/ Absolute Path Arbitrary File Access
12253| [80300] Apache Wicket wicket:pageMapName Parameter XSS
12254| [79478] Apache Solr Extension for TYPO3 Unspecified XSS
12255| [79002] Apache MyFaces javax.faces.resource In Parameter Traversal Arbitrary File Access
12256| [78994] Apache Struts struts-examples/upload/upload-submit.do name Parameter XSS
12257| [78993] Apache Struts struts-cookbook/processDyna.do message Parameter XSS
12258| [78992] Apache Struts struts-cookbook/processSimple.do message Parameter XSS
12259| [78991] Apache Struts struts2-rest-showcase/orders clientName Parameter XSS
12260| [78990] Apache Struts struts2-showcase/person/editPerson.action Multiple Parameter XSS
12261| [78932] Apache APR Hash Collision Form Parameter Parsing Remote DoS
12262| [78903] Apache CXF SOAP Request Parsing WS-Security UsernameToken Policy Bypass
12263| [78600] Apache Tomcat HTTP DIGEST Authentication DigestAuthenticator.java Catalina Weakness Security Bypass
12264| [78599] Apache Tomcat HTTP DIGEST Authentication Realm Value Parsing Security Bypass
12265| [78598] Apache Tomcat HTTP DIGEST Authentication qop Value Parsing Security Bypass
12266| [78573] Apache Tomcat Parameter Saturation CPU Consumption Remote DoS
12267| [78556] Apache HTTP Server Status Code 400 Default Error Response httpOnly Cookie Disclosure
12268| [78555] Apache HTTP Server Threaded MPM %{cookiename}C Log Format String Cookie Handling Remote DoS
12269| [78501] Apache Struts ParameterInterceptor Class OGNL Expression Parsing Remote Command Execution
12270| [78331] Apache Tomcat Request Object Recycling Information Disclosure
12271| [78293] Apache HTTP Server Scoreboard Invalid Free Operation Local Security Bypass
12272| [78277] Apache Struts ExceptionDelegator Component Parameter Parsing Remote Code Execution
12273| [78276] Apache Struts DebuggingInterceptor Component Developer Mode Unspecified Remote Command Execution
12274| [78113] Apache Tomcat Hash Collision Form Parameter Parsing Remote DoS
12275| [78112] Apache Geronimo Hash Collision Form Parameter Parsing Remote DoS
12276| [78109] Apache Struts ParameterInterceptor Traversal Arbitrary File Overwrite
12277| [78108] Apache Struts CookieInterceptor Cookie Name Handling Remote Command Execution
12278| [77593] Apache Struts Conversion Error OGNL Expression Injection
12279| [77496] Apache ActiveMQ Failover Mechanism Openwire Request Parsing Remote DoS
12280| [77444] Apache HTTP Server mod_proxy Mdule Web Request HTTP/0.9 Protocol URL Parsing Proxy Remote Security Bypass
12281| [77374] Apache MyFaces Java Bean includeViewParameters Parsing EL Expression Security Weakness
12282| [77310] Apache HTTP Server mod_proxy Reverse Proxy Mode Security Bypass Weakness (2011-4317)
12283| [77234] Apache HTTP Server on cygwin Encoded Traversal Arbitrary File Access
12284| [77012] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Memory Consumption DoS
12285| [76944] Apache Tomcat Manager Application Servlets Access Restriction Bypass
12286| [76744] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Overflow
12287| [76189] Apache Tomcat HTTP DIGEST Authentication Weakness
12288| [76079] Apache HTTP Server mod_proxy Mdule Web Request URL Parsing Proxy Remote Security Bypass (2011-3368)
12289| [76072] Apache JServ jserv.conf jserv-status Handler jserv/ URI Request Parsing Local Information Disclosure
12290| [75807] Apache HTTP Server Incomplete Header Connection Saturation Remote DoS
12291| [75647] Apache HTTP Server mod_proxy_ajp Module mod_proxy_balancer HTTP Request Remote DoS
12292| [75376] Apache Libcloud SSL Certificate Validation MitM Server Spoofing Weakness
12293| [74853] Domain Technologie Control /etc/apache2/apache2.conf File Permissions Weakness dtcdaemons User Password Disclosure
12294| [74818] Apache Tomcat AJP Message Injection Authentication Bypass
12295| [74725] Apache Wicket Multi Window Support Unspecified XSS
12296| [74721] Apache HTTP Server ByteRange Filter Memory Exhaustion Remote DoS
12297| [74541] Apache Commons Daemon Jsvc Permissions Weakness Arbitrary File Access
12298| [74535] Apache Tomcat XML Parser Cross-application Multiple File Manipulation
12299| [74447] Apache Struts XWork Nonexistent Method s:submit Element Internal Java Class Remote Path Disclosure
12300| [74262] Apache HTTP Server Multi-Processing Module itk.c Configuration Merger mpm-itk root UID / GID Remote Privilege Escalation
12301| [74120] Apache HTTP Server mod_authnz_external mysql/mysql-auth.pl user Field SQL Injection
12302| [73920] Oracle Secure Backup /apache/htdocts/php/common.php username Parameter Remote Code Execution
12303| [73798] Apache Tomcat sendfile Request Start / Endpoint Parsing Local DoS
12304| [73797] Apache Tomcat sendfile Request Attribute Validation Weakness Local Access Restriction Bypass
12305| [73776] Apache Tomcat HTTP BIO Connector HTTP Pipelining Cross-user Remote Response Access
12306| [73644] Apache XML Security Signature Key Parsing Overflow DoS
12307| [73600] Apache Struts javatemplates Plugin Component Handlers .action URI Multiple Parameter XSS
12308| [73462] Apache Rampart/C util/rampart_timestamp_token.c rampart_timestamp_token_validate Function Expired Token Remote Access Restriction Bypass
12309| [73429] Apache Tomcat JMX MemoryUserDatabase Local Password Disclosure
12310| [73384] Apache HTTP Server mod_rewrite PCRE Resource Exhaustion DoS
12311| [73383] Apache HTTP Server Portable Runtime (APR) Library apr_fnmatch() Infinite Loop Remote DoS
12312| [73378] IBM WebSphere Application Server (WAS) JavaServer Pages org.apache.jasper.runtime.JspWriterImpl.response JSP Page Application Restart Remote DoS
12313| [73247] Apache Subversion mod_dav_svn File Permission Weakness Information Disclosure
12314| [73246] Apache Subversion mod_dav_svn Path-based Access Control Rule Handling Remote DoS
12315| [73245] Apache Subversion mod_dav_svn Baselined Resource Request Handling Remote DoS
12316| [73154] Apache Archiva Multiple Unspecified CSRF
12317| [73153] Apache Archiva /archiva/admin/deleteNetworkProxy!confirm.action proxyid Parameter XSS
12318| [72407] Apache Tomcat @ServletSecurity Initial Load Annotation Security Constraint Bypass Information Disclosure
12319| [72238] Apache Struts Action / Method Names <
12320| [71647] Apache HttpComponents HttpClient Proxy-Authorization Credentials Remote Disclosure
12321| [71558] Apache Tomcat SecurityManager ServletContext Attribute Traversal Arbitrary File Manipulation
12322| [71557] Apache Tomcat HTML Manager Multiple XSS
12323| [71075] Apache Archiva User Management Page XSS
12324| [71027] Apache Tomcat @ServletSecurity Annotation Security Constraint Bypass Information Disclosure
12325| [70925] Apache Continuum Project Pages Unspecified XSS (2011-0533)
12326| [70924] Apache Continuum Multiple Admin Function CSRF
12327| [70809] Apache Tomcat NIO HTTP Connector Request Line Processing DoS
12328| [70734] Apache CouchDB Request / Cookie Handling Unspecified XSS
12329| [70585] Oracle Fusion Middleware Oracle HTTP Server Apache Plugin Unspecified Remote Issue
12330| [70333] Apache Subversion rev_hunt.c blame Command Multiple Memory Leak Remote DoS
12331| [70332] Apache Subversion Apache HTTP Server mod_dav_svn repos.c walk FunctionSVNParentPath Collection Remote DoS
12332| [69659] Apache Archiva Admin Authentication Weakness Privilege Escalation
12333| [69520] Apache Archiva Administrator Credential Manipulation CSRF
12334| [69512] Apache Tomcat Set-Cookie Header HTTPOnly Flag Session Hijacking Weakness
12335| [69456] Apache Tomcat Manager manager/html/sessions Multiple Parameter XSS
12336| [69275] Apache mod_fcgid Module fcgid_bucket.c fcgid_header_bucket_read() Function Remote Overflow
12337| [69067] Apache Shiro URI Path Security Traversal Information Disclosure
12338| [68815] Apache MyFaces shared/util/StateUtils.java View State MAC Weakness Cryptographic Padding Remote View State Modification
12339| [68670] Apache Qpid C++ Broker Component broker/SessionAdapter.cpp SessionAdapter::ExchangeHandlerImpl::checkAlternate Function Exchange Alternate Remote DoS
12340| [68669] Apache Qpid cluster/Cluster.cpp Cluster::deliveredEvent Function Invalid AMQP Data Remote DoS
12341| [68662] Apache Axis2 dswsbobje.war Module Admin Account Default Password
12342| [68531] Apache Qpid qpidd sys/ssl/SslSocket.cpp Incomplete SSL Handshake Remote DoS
12343| [68327] Apache APR-util buckets/apr_brigade.c apr_brigade_split_line() Function Memory Consumption DoS
12344| [68314] Apache XML-RPC SAX Parser External Entity Information Disclosure
12345| [67964] Apache Traffic Server Transaction ID / Source Port Randomization Weakness DNS Cache Poisoning
12346| [67846] SUSE Lifecycle Management Server on SUSE Linux Enterprise apache2-slms Parameter Quoting CSRF
12347| [67294] Apache CXF XML SOAP Message Crafted Document Type Declaration Remote DoS
12348| [67240] Apache CouchDB Installation Page Direct Request Arbitrary JavaScript Code Execution CSRF
12349| [67205] Apache Derby BUILTIN Authentication Password Hash Generation Algorithm SHA-1 Transformation Password Substitution
12350| [66745] Apache HTTP Server Multiple Modules Pathless Request Remote DoS
12351| [66319] Apache Tomcat Crafted Transfer-Encoding Header Handling Buffer Recycling Remote DoS
12352| [66280] Apache Struts XWork ParameterInterceptor Server-Side Object Remote Code Execution
12353| [66226] Apache Axis2 Admin Interface Cookie Session Fixation
12354| [65697] Apache Axis2 / Java SOAP Message DTD Rejection Weakness Arbitrary File Access
12355| [65654] Apache HTTP Server mod_proxy_http mod_proxy_http.c Timeout Detection Weakness HTTP Request Response Disclosure
12356| [65429] Apache MyFaces Unencrypted ViewState Serialized View Object Manipulation Arbitrary Expression Language (EL) Statement Execution
12357| [65054] Apache ActiveMQ Jetty Error Handler XSS
12358| [64844] Apache Axis2/Java axis2/axis2-admin/engagingglobally modules Parameter XSS
12359| [64522] Apache Open For Business Project (OFBiz) ecommerce/control/contactus Multiple Parameter XSS
12360| [64521] Apache Open For Business Project (OFBiz) Web Tools Section entityName Parameter XSS
12361| [64520] Apache Open For Business Project (OFBiz) ecommerce/control/ViewBlogArticle contentId Parameter XSS
12362| [64519] Apache Open For Business Project (OFBiz) Control Servlet URI XSS
12363| [64518] Apache Open For Business Project (OFBiz) Show Portal Page Section start Parameter XSS
12364| [64517] Apache Open For Business Project (OFBiz) View Profile Section partyId Parameter XSS
12365| [64516] Apache Open For Business Project (OFBiz) Export Product Listing Section productStoreId Parameter XSS
12366| [64307] Apache Tomcat Web Application Manager/Host Manager CSRF
12367| [64056] mod_auth_shadow for Apache HTTP Server wait() Function Authentication Bypass
12368| [64023] Apache Tomcat WWW-Authenticate Header Local Host Information Disclosure
12369| [64020] Apache ActiveMQ Jetty ResourceHandler Crafted Request JSP File Source Disclosure
12370| [63895] Apache HTTP Server mod_headers Unspecified Issue
12371| [63368] Apache ActiveMQ createDestination.action JMSDestination Parameter CSRF
12372| [63367] Apache ActiveMQ createDestination.action JMSDestination Parameter XSS
12373| [63350] Apache CouchDB Hash Verification Algorithm Predictable Execution Time Weakness
12374| [63140] Apache Thrift Service Malformed Data Remote DoS
12375| [62676] Apache HTTP Server mod_proxy_ajp Module Crafted Request Remote DoS
12376| [62675] Apache HTTP Server Multi-Processing Module (MPM) Subrequest Header Handling Cross-thread Information Disclosure
12377| [62674] Apache HTTP Server mod_isapi Module Unloading Crafted Request Remote DoS
12378| [62231] Apache HTTP Server Logging Format Weakness Crafted DNS Response IP Address Spoofing
12379| [62230] Apache HTTP Server Crafted DNS Response Inverse Lookup Log Corruption XSS
12380| [62054] Apache Tomcat WAR Filename Traversal Work-directory File Deletion
12381| [62053] Apache Tomcat Autodeployment Process appBase File HTTP Request Authentication Bypass
12382| [62052] Apache Tomcat WAR File Traversal Arbitrary File Overwrite
12383| [62009] Apache HTTP Server src/modules/proxy/proxy_util.c mod_proxy ap_proxy_send_fb() Function Overflow
12384| [61379] Apache River Outrigger Entry Storage Saturation Memory Exhaustion DoS
12385| [61378] Apache Hadoop Map/Reduce JobTracker Memory Consumption DoS
12386| [61377] Apache Commons Modeler Multiple Mutable Static Fields Weakness
12387| [61376] Apache Rampart wsse:security Tag Signature Value Checking Weakness
12388| [60687] Apache C++ Standard Library (STDCXX) strxfrm() Function Overflow
12389| [60680] Apache Hadoop JobHistory Job Name Manipulation Weakness
12390| [60679] Apache ODE DeploymentWebService OMElement zipPart CRLF Injection
12391| [60678] Apache Roller Comment Email Notification Manipulation DoS
12392| [60677] Apache CouchDB Unspecified Document Handling Remote DoS
12393| [60428] Sun Java Plug-in org.apache.crimson.tree.XmlDocument Class reateXmlDocument Method Floppy Drive Access Bypass
12394| [60413] mod_throttle for Apache Shared Memory File Manipulation Local Privilege Escalation
12395| [60412] Sun Java Plug-in org.apache.xalan.processor.XSLProcessorVersion Class Unsigned Applet Variable Sharing Privilege Escalation
12396| [60396] Apache HTTP Server on OpenBSD Multipart MIME Boundary Remote Information Disclosure
12397| [60395] Apache HTTP Server on OpenBSD ETag HTTP Header Remote Information Disclosure
12398| [60232] PHP on Apache php.exe Direct Request Remote DoS
12399| [60176] Apache Tomcat Windows Installer Admin Default Password
12400| [60016] Apache HTTP Server on HP Secure OS for Linux HTTP Request Handling Unspecified Issue
12401| [59979] Apache HTTP Server on Apple Mac OS X HTTP TRACE Method Unspecified Client XSS
12402| [59969] Apache HTTP Server mod_ssl SSL / TLS Renegotiation Handshakes MiTM Plaintext Data Injection
12403| [59944] Apache Hadoop jobhistory.jsp XSS
12404| [59374] Apache Solr Search Extension for TYPO3 Unspecified XSS
12405| [59022] Apache Shindig ConcatProxyServlet HTTP Header Response Splitting
12406| [59021] Apache Cocoon X-Cocoon-Version Header Remote Information Disclosure
12407| [59020] Apache Tapestry HTTPS Session Cookie Secure Flag Weakness
12408| [59019] Apache mod_python Cookie Salting Weakness
12409| [59018] Apache Harmony Error Message Handling Overflow
12410| [59013] Apache Derby SYSCS_EXPORT_TABLE Arbitrary File Overwrite
12411| [59012] Apache Derby Driver Auto-loading Non-deterministic Startup Weakness
12412| [59011] Apache JSPWiki Page Attachment Change Note Function XSS
12413| [59010] Apache Solr get-file.jsp XSS
12414| [59009] Apache Solr action.jsp XSS
12415| [59008] Apache Solr analysis.jsp XSS
12416| [59007] Apache Solr schema.jsp Multiple Parameter XSS
12417| [59006] Apache Beehive select / checkbox Tag XSS
12418| [59005] Apache Beehive jpfScopeID Global Parameter XSS
12419| [59004] Apache Beehive Error Message XSS
12420| [59003] Apache HttpClient POST Request Handling Memory Consumption DoS
12421| [59002] Apache Jetspeed default-page.psml URI XSS
12422| [59001] Apache Axis2 xsd Parameter Traversal Arbitrary File Disclosure
12423| [59000] Apache CXF Unsigned Message Policy Bypass
12424| [58999] Apache WSS4J CallbackHandler Plaintext Password Validation Weakness
12425| [58998] Apache OpenJPA persistence.xml Cleartext Password Local Disclosure
12426| [58997] Apache OpenEJB openejb.xml Cleartext Password Local Disclosure
12427| [58996] Apache Hadoop Map/Reduce LinuxTaskController File Group Ownership Weakness
12428| [58995] Apache Hadoop Map/Reduce Task Ownership Weakness
12429| [58994] Apache Hadoop Map/Reduce DistributedCache Localized File Permission Weakness
12430| [58993] Apache Hadoop browseBlock.jsp XSS
12431| [58991] Apache Hadoop browseDirectory.jsp XSS
12432| [58990] Apache Hadoop Map/Reduce HTTP TaskTrackers User Data Remote Disclosure
12433| [58989] Apache Hadoop Sqoop Process Listing Local Cleartext Password Disclosure
12434| [58988] Apache Hadoop Chukwa HICC Portal Unspecified XSS
12435| [58987] Apache Hadoop Map/Reduce TaskTracker User File Permission Weakness
12436| [58986] Apache Qpid Encrypted Message Handling Remote Overflow DoS
12437| [58985] Apache Qpid Process Listing Local Cleartext Password Disclosure
12438| [58984] Apache Jackrabbit Content Repository (JCR) Default Account Privilege Access Weakness
12439| [58983] Apache Jackrabbit Content Repository (JCR) NamespaceRegistry API Registration Method Race Condition
12440| [58982] Apache Synapse Proxy Service Security Policy Mismatch Weakness
12441| [58981] Apache Geronimo TomcatGeronimoRealm Security Context Persistence Weakness
12442| [58980] Apache Geronimo LDAP Realm Configuration Restart Reversion Weakness
12443| [58979] Apache MyFaces Tomahawk ExtensionsPhaseListener HTML Injection Information Disclosure
12444| [58978] Apache MyFaces Trinidad LocaleInfoScriptlet XSS
12445| [58977] Apache Open For Business Project (OFBiz) Multiple Default Accounts
12446| [58976] Apache Open For Business Project (OFBiz) URI passThru Parameter XSS
12447| [58975] Apache Open For Business Project (OFBiz) PARTYMGR_CREATE/UPDATE Permission Arbitrary User Password Modification
12448| [58974] Apache Sling /apps Script User Session Management Access Weakness
12449| [58973] Apache Tuscany Crafted SOAP Request Access Restriction Bypass
12450| [58931] Apache Geronimo Cookie Parameters Validation Weakness
12451| [58930] Apache Xalan-C++ XPath Handling Remote DoS
12452| [58879] Apache Portable Runtime (APR-util) poll/unix/port.c Event Port Backend Pollset Feature Remote DoS
12453| [58837] Apache Commons Net FTPSClient CipherSuites / Protocols Mutable Object Unspecified Data Security Issue
12454| [58813] Apache MyFaces Trinidad tr:table / HTML Comment Handling DoS
12455| [58812] Apache Open For Business Project (OFBiz) JSESSIONID Session Hijacking Weakness
12456| [58811] Apache Open For Business Project (OFBiz) /catalog/control/EditProductConfigItem configItemId Parameter XSS
12457| [58810] Apache Open For Business Project (OFBiz) /catalog/control/EditProdCatalo prodCatalogId Parameter XSS
12458| [58809] Apache Open For Business Project (OFBiz) /partymgr/control/viewprofile partyId Parameter XSS
| [58808] Apache Open For Business Project (OFBiz) /catalog/control/createProduct internalName Parameter XSS
| [58807] Apache Open For Business Project (OFBiz) Multiple Unspecified CSRF
| [58806] Apache FtpServer MINA Logging Filter Cleartext Credential Local Disclosure
| [58805] Apache Derby Unauthenticated Database / Admin Access
| [58804] Apache Wicket Header Contribution Unspecified Issue
| [58803] Apache Wicket Session Fixation
| [58802] Apache Directory Server (ApacheDS) userPassword Attribute Search Password Disclosure
| [58801] Apache ActiveMQ Stomp Client Credential Validation Bypass
| [58800] Apache Tapestry (context)/servicestatus Internal Service Information Disclosure
| [58799] Apache Tapestry Logging Cleartext Password Disclosure
| [58798] Apache Jetspeed pipeline Parameter pipeline-map Policy Bypass
| [58797] Apache Jetspeed Password Policy Multiple Weaknesses
| [58796] Apache Jetspeed Unsalted Password Storage Weakness
| [58795] Apache Rampart Crafted SOAP Header Authentication Bypass
| [58794] Apache Roller Admin Protocol (RAP) Malformed Header Authentication Bypass
| [58793] Apache Hadoop Map/Reduce mapred.system.dir Permission Weakness Job Manipulation
| [58792] Apache Shindig gadgets.rpc iframe RPC Call Validation Weakness
| [58791] Apache Synapse synapse.properties Cleartext Credential Local Disclosure
| [58790] Apache WSS4J SOAP Message UsernameToken Remote Password Disclosure
| [58789] Apache WSS4J SOAP Header Malformed UsernameToken Authentication Bypass
| [58776] Apache JSPWiki PreviewContent.jsp Edited Text XSS
| [58775] Apache JSPWiki preview.jsp action Parameter XSS
| [58774] Apache JSPWiki Edit.jsp Multiple Parameter XSS
| [58773] Apache JSPWiki Accept-Language Header Multiple Script language Parameter XSS
| [58772] Apache JSPWiki EditorManager.java editor Parameter XSS
| [58771] Apache JSPWiki GroupContent.jsp Multiple Parameter XSS
| [58770] Apache JSPWiki Group.jsp group Parameter XSS
| [58769] Apache JSPWiki Database Connection Termination DoS Weakness
| [58768] Apache JSPWiki Attachment Servlet nextpage Parameter Arbitrary Site Redirect
| [58766] Apache JSPWiki /admin/SecurityConfig.jsp Direct Request Information Disclosure
| [58765] Apache JSPWiki Spam Filter UniqueID RNG Weakness
| [58764] Apache JSPWiki Edit.jsp Multiple Parameter XSS
| [58763] Apache JSPWiki Include Tag Multiple Script XSS
| [58762] Apache JSPWiki Multiple .java Tags pageContext Parameter XSS
| [58761] Apache JSPWiki Wiki.jsp skin Parameter XSS
| [58760] Apache Commons VFS Exception Error Message Cleartext Credential Disclosure
| [58759] Apache Jackrabbit Content Repository (JCR) UUID System.currentTimeMillis() RNG Weakness
| [58758] Apache River GrantPermission Policy Manipulation Privilege Escalation
| [58757] Apache WS-Commons Java2 StaXUtils Multiple Unspecified Minor Issues
| [58756] Apache WSS4J WSHandler Client Certificate Signature Validation Weakness
| [58755] Apache Harmony DRLVM Non-public Class Member Access
| [58754] Apache Harmony File.createTempFile() Temporary File Creation Prediction Weakness
| [58751] Apache Geronimo GeronimoIdentityResolver Subject Handling Multiple Issues
| [58750] Apache MyFaces Trinidad Generated HTML Information Disclosure
| [58749] Apache MyFaces Trinidad Database Access Error Message Information Disclosure
| [58748] Apache MyFaces Trinidad Image Resource Loader Traversal Arbitrary Image Access
| [58747] Apache MyFaces Trinidad Error Message User Entered Data Disclosure Weakness
| [58746] Apache Axis2 JAX-WS Java2 WSDL4J Unspecified Issue
| [58744] Apache Wicket Crafted File Upload Disk Space Exhaustion DoS
| [58743] Apache Wicket wicket.util.crypt.SunJceCrypt Encryption Reversion Weakness
| [58742] Apache Rampart PolicyBasedValiadtor HttpsToken Endpoint Connection Weakness
| [58741] Apache Rampart WSSecSignature / WSSecEncryptedKey KeyIdentifierType Validation Weakness
| [58740] Apache Rampart TransportBinding Message Payload Cleartext Disclosure
| [58739] Apache Open For Business Project (OFBiz) Unsalted Password Storage Weakness
| [58738] Apache Open For Business Project (OFBiz) orderId Parameter Arbitrary Order Access
| [58737] Apache mod_python w/ mod_python.publisher index.py Underscore Prefixed Variable Disclosure
| [58735] Apache Open For Business Project (OFBiz) /ecommerce/control/keywordsearch SEARCH_STRING Parameter XSS
| [58734] Apache Torque Log File Cleartext Credential Local Disclosure
| [58733] Apache Axis2 doGet Implementation Authentication Bypass Service State Manipulation
| [58732] Apache MyFaces UIInput.validate() Null Value Validation Bypass Weakness
| [58731] Apache MyFaces /faces/* Prefix Mapping Authentication Bypass
| [58725] Apache Tapestry Basic String ACL Bypass Weakness
| [58724] Apache Roller Logout Functionality Failure Session Persistence
| [58723] Apache Roller User Profile / Admin Page Cleartext Password Disclosure
| [58722] Apache Derby Connection URL Encryption Method Reversion Weakness
| [58721] Apache Geronimo on Tomcat Security-constraint Resource ACL Bypass
| [58720] Apache Geronimo Explicit Servlet Mapping Access Bypass Weakness
| [58719] Apache Geronimo Keystore Unprivileged Service Disable DoS
| [58718] Apache Geronimo Deployment Plans Remote Password Disclosure
| [58717] Apache Jetspeed Portlet Application Edit Access Restriction Bypass
| [58716] Apache Jetspeed PSML Management Cached Constraint Authentication Weakness
| [58707] Apache WSS4J Crafted PasswordDigest Request Authentication Bypass
| [58706] Apache HttpClient Pre-emptive Authorization Remote Credential Disclosure
| [58705] Apache Directory Server (ApacheDS) User Passwords Cleartext Disclosure
| [58704] Apache Directory Server (ApacheDS) Non-existent User LDAP Bind Remote DoS
| [58703] Apache Geronimo Debug Console Unauthenticated Remote Information Disclosure
| [58702] Apache Directory Server (ApacheDS) Persistent LDAP Anonymous Bind Weakness
| [58701] Apache Jetspeed User Admin Portlet Unpassworded Account Creation Weakness
| [58700] Apache MyFaces /faces/* Path Handling Remote Overflow DoS
| [58699] Apache MyFaces Disable Property Client Side Manipulation Privilege Escalation
| [58698] Apache Roller Remember Me Functionality Cleartext Password Disclosure
| [58697] Apache XalanJ2 org.apache.xalan.xsltc.runtime.CallFunction Class Unspecified Issue
| [58696] Apache Tapestry Encoded Traversal Arbitrary File Access
| [58695] Apache Jetspeed Unauthenticated PSML Tags / Admin Folder Access
| [58694] Apache Geronimo Deploy Tool Process List Local Credential Disclosure
| [58693] Apache Derby service.properties File Encryption Key Information Disclosure
| [58692] Apache Geronimo Default Security Realm Login Brute Force Weakness
| [58689] Apache Roller Retrieve Last 5 Post Feature Unauthorized Blog Post Manipulation
| [58688] Apache Xalan-Java (XalanJ2) Static Variables Multiple Unspecified Issues
| [58687] Apache Axis Invalid wsdl Request XSS
| [58686] Apache Cocoon Temporary File Creation Unspecified Race Condition
| [58685] Apache Velocity Template Designer Privileged Code Execution
| [58684] Apache Jetspeed controls.Customize Action Security Check Bypass
| [58675] Apache Open For Business Project (OFBiz) eCommerce/ordermgr Multiple Field XSS
| [58674] Apache Open For Business Project (OFBiz) ecommerce/control/login Multiple Field XSS
| [58673] Apache Open For Business Project (OFBiz) ecommerce/control/viewprofile Multiple Field XSS
| [58672] Apache Open For Business Project (OFBiz) POS Input Panel Cleartext Password Disclosure
| [58671] Apache Axis2 JMS Signed Message Crafted WS-Security Header Security Bypass
| [58670] Apache Jetspeed JetspeedTool.getPortletFromRegistry Portlet Security Validation Failure
| [58669] Apache Jetspeed LDAP Cleartext Passwords Disclosure
| [58668] Apache Axis External Entity (XXE) Data Parsing Privilege Escalation
| [58667] Apache Roller Database Cleartext Passwords Disclosure
| [58666] Apache Xerces-C++ UTF-8 Transcoder Overlong Code Handling Unspecified Issue
| [58665] Apache Jetspeed Turbine: Cross-user Privileged Action Execution
| [58664] Apache Jetspeed EditAccount.vm Password Modification Weakness
| [58663] Apache Jetspeed Role Parameter Arbitrary Portlet Disclosure
| [58662] Apache Axis JWS Page Generated .class File Direct Request Information Disclosure
| [58661] Apache Jetspeed user-form.vm Password Reset Cleartext Disclosure
| [58660] Apache WSS4J checkReceiverResults Function Crafted SOAP Request Authentication Bypass
| [58658] Apache Rampart Crafted SOAP Request Security Verification Bypass
| [57882] Apache HTTP Server mod_proxy_ftp Authorization HTTP Header Arbitrary FTP Command Injection
| [57851] Apache HTTP Server mod_proxy_ftp EPSV Command NULL Dereference Remote DoS
| [56984] Apache Xerces2 Java Malformed XML Input DoS
| [56903] Apache ODE (Orchestration Director Engine) Process Deployment Web Service Traversal Arbitrary File Manipulation
| [56859] Apache Xerces-C++ Multiple Sub-project XML Nested DTD Structures Parsing Recursion Error DoS
| [56766] Apache Portable Runtime (APR-util) memory/unix/apr_pools.c Relocatable Memory Block Aligning Overflow
| [56765] Apache Portable Runtime (APR-util) misc/apr_rmm.c Multiple Function Overflows
| [56517] Apache HTTP Server File Descriptor Leak Arbitrary Local File Append
| [56443] PTK Unspecified Apache Sub-process Arbitrary Command Execution
| [56414] Apache Tiles Duplicate Expression Language (EL) Expression Evaluation XSS
| [55814] mod_NTLM for Apache HTTP Server ap_log_rerror() Function Remote Format String
| [55813] mod_NTLM for Apache HTTP Server log() Function Remote Overflow
| [55782] Apache HTTP Server mod_deflate Module Aborted Connection DoS
| [55553] Apache HTTP Server mod_proxy Module mod_proxy_http.c stream_reqbody_cl Function CPU Consumption DoS
| [55059] Apache APR-util strmatch/apr_strmatch.c apr_strmatch_precompile Function Crafted Input Remote DoS
| [55058] Apache APR-util apr_brigade_vprintf Function Crafted Input Off-by-one Remote DoS
| [55057] Apache APR-util xml/apr_xml.c apr_xml_* Interface Expat XML Parser Crafted XML Document Remote DoS
| [55056] Apache Tomcat Cross-application TLD File Manipulation
| [55055] Apache Tomcat Illegal URL Encoded Password Request Username Enumeration
| [55054] Apache Tomcat Java AJP Connector mod_jk Load Balancing Worker Malformed Header Remote DoS
| [55053] Apache Tomcat Crafted Request Security Restraint Bypass Arbitrary Content Access
| [54733] Apache HTTP Server AllowOverride Directive .htaccess Options Bypass
| [54713] razorCMS Security Manager apache User Account Unspecified File Permission Weakness Issue
| [54589] Apache Jserv Nonexistent JSP Request XSS
| [54122] Apache Struts s:a / s:url Tag href Element XSS
| [54093] Apache ActiveMQ Web Console JMS Message XSS
| [53932] Apache Geronimo Multiple Admin Function CSRF
| [53931] Apache Geronimo /console/portal/Server/Monitoring Multiple Parameter XSS
| [53930] Apache Geronimo /console/portal/ URI XSS
| [53929] Apache Geronimo on Windows Security/Keystores Portlet Traversal Arbitrary File Upload
| [53928] Apache Geronimo on Windows Embedded DB/DB Manager Portlet Traversal Arbitrary File Upload
| [53927] Apache Geronimo on Windows Services/Repository Portlet Traversal Arbitrary File Upload
| [53921] Apache HTTP Server mod_proxy_ajp Cross Thread/Session Information Disclosure
| [53766] Oracle BEA WebLogic Server Plug-ins for Apache Certificate Handling Remote Overflow
| [53574] PHP on Apache .htaccess mbstring.func_overload Setting Cross Hosted Site Behavior Modification
| [53381] Apache Tomcat JK Connector Content-Length Header Cross-user Information Disclosure
| [53380] Apache Struts Unspecified XSS
| [53289] Apache mod_perl Apache::Status /perl-status Unspecified XSS
| [53186] Apache HTTP Server htpasswd Predictable Salt Weakness
| [52899] Apache Tomcat Examples Web Application Calendar Application jsp/cal/cal2.jsp time Parameter XSS
| [52407] Apache Tomcat doRead Method POST Content Information Disclosure
| [51923] Apache HTTP Server mod-auth-mysql Module mod_auth_mysql.c Multibyte Character Encoding SQL Injection
| [51613] Apache HTTP Server Third-party Module Child Process File Descriptor Leak
| [51612] Apache HTTP Server Internal Redirect Handling Infinite Loop DoS
| [51468] Apache Jackrabbit Content Repository (JCR) swr.jsp q Parameter XSS
| [51467] Apache Jackrabbit Content Repository (JCR) search.jsp q Parameter XSS
| [51151] Apache Roller Search Function q Parameter XSS
| [50482] PHP with Apache php_value Order Unspecified Issue
| [50475] Novell NetWare ApacheAdmin Console Unauthenticated Access
| [49734] Apache Struts DefaultStaticContentLoader Class Traversal Arbitrary File Access
| [49733] Apache Struts FilterDispatcher Class Traversal Arbitrary File Access
| [49283] Oracle BEA WebLogic Server Plugins for Apache Remote Transfer-Encoding Overflow
| [49062] Apache Tomcat Cross-thread Concurrent Request Variable Overwrite Information Disclosure
| [48847] ModSecurity (mod_security) Transformation Caching Unspecified Apache DoS
| [48788] Apache Xerces-C++ XML Schema maxOccurs Value XML File Handling DoS
| [47474] Apache HTTP Server mod_proxy_ftp Directory Component Wildcard Character XSS
| [47464] Apache Tomcat allowLinking / UTF-8 Traversal Arbitrary File Access
| [47463] Apache Tomcat RequestDispatcher Traversal Arbitrary File Access
| [47462] Apache Tomcat HttpServletResponse.sendError Method Message Argument XSS
| [47096] Oracle Weblogic Apache Connector POST Request Overflow
| [46382] Frontend Filemanager (air_filemanager) Extension for TYPO3 on Apache Unspecified Arbitrary Code Execution
| [46285] TYPO3 on Apache Crafted Filename Upload Arbitrary Command Execution
| [46085] Apache HTTP Server mod_proxy ap_proxy_http_process_response() Function Interim Response Forwarding Remote DoS
| [45905] Apache Tomcat Host Manager host-manager/html/add name Parameter XSS
| [45879] Ragnarok Online Control Panel on Apache Crafted Traversal Authentication Bypass
| [45742] Apache HTTP Server on Novell Unspecified Request Directive Internal IP Disclosure
| [45740] Apache Derby DropSchemaNode Bind Phase Arbitrary Scheme Statement Dropping
| [45599] Apache Derby Lock Table Statement Privilege Requirement Bypass Arbitrary Table Lock
| [45585] Apache Derby ACCSEC Command RDBNAM Parameter Cleartext Credential Disclosure
| [45584] Apache Derby DatabaseMetaData.getURL Function Cleartext Credential Disclosure
| [45420] Apache HTTP Server 403 Error Page UTF-7 Encoded XSS
| [44728] PHP Toolkit on Gentoo Linux Interpretation Conflict Apache HTTP Server Local DoS
| [44618] Oracle JSP Apache/Jserv Path Translation Traversal Arbitrary JSP File Execution
| [44159] Apache HTTP Server Remote Virtual Host Name Disclosure
| [43997] Apache-SSL ExpandCert() Function Certificate Handling Arbitrary Environment Variables Manipulation
| [43994] suPHP for Apache (mod_suphp) Directory Symlink Local Privilege Escalation
| [43993] suPHP for Apache (mod_suphp) Owner Mode Race Condition Symlink Local Privilege Escalation
| [43663] Apache HTTP Server Mixed Platform AddType Directive Crafted Request PHP Source Disclosure
| [43658] AuthCAS Module (AuthCAS.pm) for Apache HTTP Server SESSION_COOKIE_NAME SQL Injection
| [43452] Apache Tomcat HTTP Request Smuggling
| [43309] Apache Geronimo LoginModule Login Method Bypass
| [43290] Apache JSPWiki Entry Page Attachment Unrestricted File Upload
| [43259] Apache HTTP Server on Windows mod_proxy_balancer URL Handling Remote Memory Corruption
| [43224] Apache Geronimo on SuSE Linux init Script Symlink Unspecified File/Directory Access
| [43189] Apache mod_jk2 Host Header Multiple Fields Remote Overflow
| [42937] Apache HTTP Server mod_proxy_balancer balancer-manager Unspecified CSRF
| [42341] MOD_PLSQL for Apache Unspecified URL SQL Injection
| [42340] MOD_PLSQL for Apache CGI Environment Handling Unspecified Overflow
| [42214] Apache HTTP Server mod_proxy_ftp UTF-7 Encoded XSS
| [42091] Apache Maven Site Plugin Installation Permission Weakness
| [42089] Apache Maven .m2/settings.xml Cleartext Password Disclosure
| [42088] Apache Maven Defined Repo Process Listing Password Disclosure
| [42087] Apache Maven Site Plugin SSH Deployment Permission Setting Weakness
| [42036] Apache HTTP Server MS-DOS Device Request Host OS Disclosure
| [41891] BEA WebLogic Apache Beehive NetUI Page Flow Unspecified XSS
| [41436] Apache Tomcat Native APR Connector Duplicate Request Issue
| [41435] Apache Tomcat %5C Cookie Handling Session ID Disclosure
| [41434] Apache Tomcat Exception Handling Subsequent Request Information Disclosure
| [41400] LimeSurvey save.php Apache Log File PHP Code Injection
| [41029] Apache Tomcat Calendar Examples Application cal2.jsp Multiple Parameter CSRF
| [41019] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload XSS
| [41018] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload CRLF
| [40853] Apache Tomcat SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) JSESSIONIDSSO Cookie Security Weakness
| [40264] Apache HTTP Server mod_proxy_balancer balancer_handler Function bb Variable Remote DoS
| [40263] Apache HTTP Server mod_proxy_balancer balancer-manager Multiple Parameter XSS
| [40262] Apache HTTP Server mod_status refresh XSS
| [39833] Apache Tomcat JULI Logging Component catalina.policy Security Bypass
| [39251] Coppermine Photo Gallery on Apache Multiple File Extension Upload Arbitrary Code Execution
| [39166] Apache Tomcat on Windows caseSensitive Attribute Mixed Case Request JSP Source Disclosure
| [39134] Apache mod_imagemap Module Imagemap Unspecified XSS
| [39133] Apache mod_imap Module Imagemap File Unspecified XSS
| [39035] Apache Tomcat examples/servlet/CookieExample Multiple Parameter XSS
| [39003] Apache HTTP Server HTTP Method Header Request Entity Too Large XSS
| [39000] Apache Tomcat SendMailServlet sendmail.jsp mailfrom Parameter XSS
| [38939] Apache HTTP Server Prefork MPM Module Array Modification Local DoS
| [38673] Apache Jakarta Slide WebDAV SYSTEM Request Traversal Arbitrary File Access
| [38662] Apache Geronimo SQLLoginModule Nonexistent User Authentication Bypass
| [38661] Apache Geronimo MEJB Unspecified Authentication Bypass
| [38641] Apache HTTP Server mod_mem_cache recall_headers Function Information Disclosure
| [38640] Apache HTTP Server suexec Document Root Unauthorized Operations
| [38639] Apache HTTP Server suexec Multiple Symlink Privilege Escalation
| [38636] Apache HTTP Server mod_autoindex.c P Variable UTF-7 Charset XSS
| [38513] BEA WebLogic Server Proxy Plug-in for Apache Protocol Error Handling Remote DoS
| [38187] Apache Geronimo / Tomcat WebDAV XML SYSTEM Tag Arbitrary File Access
| [37079] Apache HTTP Server mod_cache cache_util.c Malformed Cache-Control Header DoS
| [37071] Apache Tomcat Cookie Handling Session ID Disclosure
| [37070] Apache Tomcat Cookie Handling Quote Delimiter Session ID Disclosure
| [37052] Apache HTTP Server mod_status mod_status.c Unspecified XSS
| [37051] Apache HTTP Server mod_proxy modules/proxy/proxy_util.c Crafted Header Remote DoS
| [37050] Apache HTTP Server Prefork MPM Module Crafted Code Sequence Local DoS
| [36417] Apache Tomcat Host Manager Servlet html/add Action aliases Parameter XSS
| [36377] Apache MyFaces Tomahawk JSF Application autoscroll Multiple Script XSS
| [36080] Apache Tomcat JSP Examples Crafted URI XSS
| [36079] Apache Tomcat Manager Uploaded Filename XSS
| [34888] Apache Tomcat Example Calendar Application cal2.jsp time Parameter XSS
| [34887] Apache Tomcat implicit-objects.jsp Crafted Header XSS
| [34885] Apache Tomcat on IIS Servlet Engine MS-DOS Device Request DoS
| [34884] Apache Tomcat on Windows Nonexistent Resource Request Path Disclosure
| [34883] Apache Tomcat Crafted JSP File Request Path Disclosure
| [34882] Apache Tomcat Default SSL Ciphersuite Configuration Weakness
| [34881] Apache Tomcat Malformed Accept-Language Header XSS
| [34880] Apache Tomcat HTTP/1.1 Connector NULL Byte Request JSP Source Disclosure
| [34879] Apache Tomcat examples/jsp2/jspx/textRotate.jspx XSS
| [34878] Apache Tomcat examples/jsp2/el/implicit-objects.jsp XSS
| [34877] Apache Tomcat JK Web Server Connector (mod_jk) Double Encoded Traversal Arbitrary File Access
| [34876] Apache HTTP Server ScriptAlias CGI Source Disclosure
| [34875] Apache Tomcat appdev/sample/web/hello.jsp Multiple Parameter XSS
| [34874] Apache Tomcat AJP Connector mod_jk ajp_process_callback Remote Memory Disclosure
| [34873] Apache Stats Variable Extraction _REQUEST Ssuperglobal Array Overwrite
| [34872] Apache HTTP Server suexec User/Group Combination Weakness Local Privilege Escalation
| [34769] Apache Tomcat w/ Proxy Module Double Encoded Traversal Arbitrary File Access
| [34541] mod_perl for Apache HTTP Server RegistryCooker.pm PATH_INFO Crafted URI Remote DoS
| [34540] mod_perl for Apache HTTP Server PerlRun.pm PATH_INFO Crafted URI Remote DoS
| [34398] Apache Tomcat mod_jk Invalid Chunked Encoded Body Information Disclosure
| [34154] Apache Axis Nonexistent Java Web Service Path Disclosure
| [33855] Apache Tomcat JK Web Server Connector mod_jk.so Long URI Worker Map Remote Overflow
| [33816] Apache HTTP Server on Debian Linux TTY Local Privilege Escalation
| [33456] Apache HTTP Server Crafted TCP Connection Range Header DoS
| [33346] Avaya Multiple Products Apache Tomcat Port Weakness
| [32979] Apache Java Mail Enterprise Server (JAMES) Phoenix/MX4J Interface Arbitrary User Creation
| [32978] Apache Java Mail Enterprise Server (JAMES) POP3Server Log File Plaintext Password Disclosure
| [32724] Apache mod_python _filter_read Freed Memory Disclosure
| [32723] Apache Tomcat semicolon Crafted Filename Request Forced Directory Listing
| [32396] Apache Open For Business Project (OFBiz) Ecommerce Component Forum Implementation Message Body XSS
| [32395] Apache Open For Business Project (OFBiz) Ecommerce Component Form Field Manipulation Privilege Escalation
| [30354] Linux Subversion libapache2-svn Search Path Subversion Local Privilege Escalation
| [29603] PHP ini_restore() Apache httpd.conf Options Bypass
| [29536] Apache Tcl mod_tcl set_var Function Remote Format String
| [28919] Apache Roller Weblogger Blog Comment Multiple Field XSS
| [28130] PHP with Apache Mixed Case Method Limit Directive Bypass
| [27913] Apache HTTP Server on Windows mod_alias URL Validation Canonicalization CGI Source Disclosure
| [27588] Apache HTTP Server mod_rewrite LDAP Protocol URL Handling Overflow
| [27487] Apache HTTP Server Crafted Expect Header Cross Domain HTML Injection
| [26935] FCKeditor on Apache connector.php Crafted File Extension Arbitrary File Upload
| [26572] Apache Java Mail Enterprise Server (JAMES) MAIL Command Overflow DoS
| [25909] Drupal on Apache files Directory File Upload Arbitrary Code Execution
| [24825] Oracle ModPL/SQL for Apache Unspecified Remote HTTP Issue
| [24365] Apache Struts Multiple Function Error Message XSS
| [24364] Apache Struts getMultipartRequestHandler() Function Crafted Request DoS
| [24363] Apache Struts org.apache.struts.taglib.html.Constants.CANCEL Validation Bypass
| [24103] Pubcookie Apache mod_pubcookie Unspecified XSS
| [23906] Apache mod_python for Apache HTTP Server FileSession Privileged Local Command Execution
| [23905] Apache Log4net LocalSyslogAppender Format String Memory Corruption DoS
| [23198] Apache WSS4J Library SOAP Signature Verification Bypass
| [23124] Generic Apache Request Library (libapreq) apreq_parse_* Functions Remote DoS
| [22652] mod_php for Apache HTTP Server Crafted import_request_variables Function DoS
| [22475] PHP w/ Apache PDO::FETCH_CLASS __set() Function DoS
| [22473] PHP w/ Apache2 Crafted PDOStatement DoS
| [22459] Apache Geronimo Error Page XSS
| [22458] Apache Tomcat / Geronimo Sample Script cal2.jsp time Parameter XSS
| [22301] auth_ldap for Apache HTTP Server auth_ldap_log_reason() Function Remote Format String
| [22261] Apache HTTP Server mod_ssl ssl_hook_Access Error Handling DoS
| [22259] mod_auth_pgsql for Apache HTTP Server Log Function Format String
| [21736] Apache Java Mail Enterprise Server (JAMES) Spooler retrieve Function DoS
| [21705] Apache HTTP Server mod_imap Image Map Referer XSS
| [21021] Apache Struts Error Message XSS
| [20897] PHP w/ Apache 2 SAPI virtual() Function Unspecified INI Setting Disclosure
| [20491] PHP mod_php apache2handler SAPI Crafted .htaccess DoS
| [20462] Apache HTTP Server worker.c MPM Memory Exhaustion DoS
| [20439] Apache Tomcat Directory Listing Saturation DoS
| [20373] Apache Tomcat on HP Secure OS for Linux Unspecified Servlet Access Issue
| [20285] Apache HTTP Server Log File Control Character Injection
| [20242] Apache HTTP Server mod_usertrack Predictable Session ID Generation
| [20209] Brainf*ck Module (mod_bf) for Apache HTTP Server Local Overflow
| [20033] Apache Tomcat MS-DOS Device Request Error Message Path Disclosure
| [19883] apachetop atop.debug Symlink Arbitrary File Overwrite
| [19863] mod_auth_shadow for Apache HTTP Server require group Authentication Bypass
| [19855] Apache HTTP Server ErrorDocument Directive .htaccess Bypass
| [19821] Apache Tomcat Malformed Post Request Information Disclosure
| [19769] Apache HTTP Server Double-reverse DNS Lookup Spoofing
| [19188] Apache HTTP Server mod_ssl SSLVerifyClient Per-location Context Restriction Bypass
| [19137] Apache HTTP Server on Red Hat Linux Double Slash GET Request Forced Directory Listing
| [19136] Apache on Mandrake Linux Arbitrary Directory Forced Listing
| [18977] Apache HTTP Server Crafted HTTP Range Header DoS
| [18389] Ragnarok Online Control Panel Apache Authentication Bypass
| [18286] Apache HTTP Server mod_ssl ssl_callback_SSLVerify_CRL( ) Function Overflow
| [18233] Apache HTTP Server htdigest user Variable Overfow
| [17738] Apache HTTP Server HTTP Request Smuggling
| [16586] Apache HTTP Server Win32 GET Overflow DoS
| [15889] Apache HTTP Server mod_cgid Threaded MPM CGI Output Misdirection
| [14896] mod_dav for Apache HTTP Server Remote Null Dereference Child Process Termination
| [14879] Apache HTTP Server ap_log_rerror Function Error Message Path Disclosure
| [14770] Apache Tomcat AJP12 Protocol Malformed Packet Remote DoS
| [14597] Apache Tomcat IntegerOverflow.jsp Test JSP Script Path Disclosure
| [14596] Apache Tomcat pageSession.jsp Test JSP Script Path Disclosure
| [14595] Apache Tomcat pageLanguage.jsp Test JSP Script Path Disclosure
| [14594] Apache Tomcat pageIsThreadSafe.jsp Test JSP Script Path Disclosure
| [14593] Apache Tomcat pageIsErrorPage.jsp Test JSP Script Path Disclosure
| [14592] Apache Tomcat pageInvalid.jsp Test JSP Script Path Disclosure
| [14591] Apache Tomcat pageExtends.jsp Test JSP Script Path Disclosure
| [14590] Apache Tomcat pageDouble.jsp Test JSP Script Path Disclosure
| [14589] Apache Tomcat pageAutoFlush.jsp Test JSP Script Path Disclosure
| [14588] Apache Tomcat extends2.jsp Test JSP Script Path Disclosure
| [14587] Apache Tomcat extends1.jsp Test JSP Script Path Disclosure
| [14586] Apache Tomcat comments.jsp Test JSP Script Path Disclosure
| [14585] Apache Tomcat buffer4.jsp Test JSP Script Path Disclosure
| [14584] Apache Tomcat buffer3.jsp Test JSP Script Path Disclosure
| [14583] Apache Tomcat buffer2.jsp Test JSP Script Path Disclosure
| [14582] Apache Tomcat buffer1.jsp Test JSP Script Path Disclosure
| [14581] Apache Tomcat pageImport2.jsp Test JSP Script Path Disclosure
| [14580] Apache Tomcat pageInfo.jsp Test JSP Script Path Disclosure
| [14410] mod_frontpage for Apache HTTP Server fpexec Remote Overflow
| [14044] Apache Batik Squiggle Browser with Rhino Scripting Engine Unspecified File System Access
| [13737] mod_access_referer for Apache HTTP Server Malformed Referer DoS
| [13711] Apache mod_python publisher.py Traversal Arbitrary Object Information Disclosure
| [13640] mod_auth_any for Apache HTTP Server on Red Hat Linux Metacharacter Command Execution
| [13304] Apache Tomcat realPath.jsp Path Disclosure
| [13303] Apache Tomcat source.jsp Arbitrary Directory Listing
| [13087] Apache HTTP Server mod_log_forensic check_forensic Symlink Arbitrary File Creation / Overwrite
| [12849] mod_auth_radius for Apache HTTP Server radcpy() Function Overflow DoS
| [12848] Apache HTTP Server htdigest realm Variable Overflow
| [12721] Apache Tomcat examples/jsp2/el/functions.jsp XSS
| [12720] mod_dosevasive for Apache HTTP Server Symlink Arbitrary File Create/Overwrite
| [12558] Apache HTTP Server IPv6 FTP Proxy Socket Failure DoS
| [12557] Apache HTTP Server prefork MPM accept Error DoS
| [12233] Apache Tomcat MS-DOS Device Name Request DoS
| [12232] Apache Tomcat with JDK Arbitrary Directory/Source Disclosure
| [12231] Apache Tomcat web.xml Arbitrary File Access
| [12193] Apache HTTP Server on Mac OS X File Handler Bypass
| [12192] Apache HTTP Server on Mac OS X Unauthorized .ht and .DS_Store File Access
| [12178] Apache Jakarta Lucene results.jsp XSS
| [12176] mod_digest_apple for Apache HTTP Server on Mac OS X Authentication Replay
| [11391] Apache HTTP Server Header Parsing Space Saturation DoS
| [11003] Apache HTTP Server mod_include get_tag() Function Local Overflow
| [10976] mod_mylo for Apache HTTP Server mylo_log Logging Function HTTP GET Overflow
| [10637] Apache HTTP Server mod_ssl SSLCipherSuite Access Restriction Bypass
| [10546] Macromedia JRun4 mod_jrun Apache Module Remote Overflow
| [10471] Apache Xerces-C++ XML Parser DoS
| [10218] Apache HTTP Server Satisfy Directive Access Control Bypass
| [10068] Apache HTTP Server htpasswd Local Overflow
| [10049] mod_cplusplus For Apache HTTP Server Unspecified Overflow
| [9994] Apache HTTP Server apr-util IPV6 Parsing DoS
| [9991] Apache HTTP Server ap_resolve_env Environment Variable Local Overflow
| [9948] mod_dav for Apache HTTP Server LOCK Request DoS
| [9742] Apache HTTP Server mod_ssl char_buffer_read Function Reverse Proxy DoS
| [9718] Apache HTTP Server Win32 Single Dot Append Arbitrary File Access
| [9717] Apache HTTP Server mod_cookies Cookie Overflow
| [9716] Apache::Gallery Gallery.pm Inline::C Predictable Filename Code Execution
| [9715] Apache HTTP Server rotatelogs Control Characters Over Pipe DoS
| [9714] Apache Authentication Module Threaded MPM DoS
| [9713] Apache HTTP Server on OS2 filestat.c Device Name Request DoS
| [9712] Apache HTTP Server Multiple Linefeed Request Memory Consumption DoS
| [9711] Apache HTTP Server Access Log Terminal Escape Sequence Injection
| [9710] Apache HTTP Server on Windows Illegal Character Default Script Mapping Bypass
| [9709] Apache HTTP Server on Windows MS-DOS Device Name HTTP Post Code Execution
| [9708] Apache HTTP Server on Windows MS-DOS Device Name DoS
| [9707] Apache HTTP Server Duplicate MIME Header Saturation DoS
| [9706] Apache Web Server Multiple MIME Header Saturation Remote DoS
| [9705] Apache Tomcat Invoker/Default Servlet Source Disclosure
| [9702] Apache HTTP Server CGI/WebDAV HTTP POST Request Source Disclosure
| [9701] Apache HTTP Server for Windows Multiple Slash Forced Directory Listing
| [9700] Apache HTTP Server mod_autoindex Multiple Slash Request Forced Directory Listing
| [9699] Apache HTTP Server mod_dir Multiple Slash Request Forced Directory Listing
| [9698] Apache HTTP Server mod_negotiation Multiple Slash Request Forced Directory Listing
| [9697] Apache HTTP Server htdigest Local Symlink Arbitrary File Overwrite
| [9696] Apache HTTP Server htpasswd Local Symlink Arbitrary File Overwrite
| [9695] Apache Tomcat SnoopServlet Servlet Information Disclosure
| [9694] PHP3 on Apache HTTP Server Encoded Traversal Arbitrary File Access
| [9693] mod_auth_pgsql_sys for Apache HTTP Server User Name SQL Injection
| [9692] Apache HTTP Server mod_vhost_alias Mass Virtual Hosting Arbitrary File Access
| [9691] Apache HTTP Server mod_rewrite Mass Virtual Hosting Arbitrary File Access
| [9690] Apache HTTP Server mod_vhost_alias CGI Program Source Disclosure
| [9689] Trustix httpsd for Apache-SSL Permission Weakness Privilege Escalation
| [9688] Apache HTTP Server mod_proxy Malformed FTP Command DoS
| [9687] Apache::AuthenSmb smbval SMB Authentication Library Multiple Overflows
| [9686] Apache::AuthenSmb smbvalid SMB Authentication Library Multiple Overflows
| [9523] Apache HTTP Server mod_ssl Aborted Connection DoS
| [9459] Oracle PL/SQL (mod_plsql) Apache Module Help Page Request Remote Overflow
| [9208] Apache Tomcat .jsp Encoded Newline XSS
| [9204] Apache Tomcat ROOT Application XSS
| [9203] Apache Tomcat examples Application XSS
| [9068] Apache HTTP Server mod_userdir User Account Information Disclosure
| [8773] Apache Tomcat Catalina org.apache.catalina.servlets.DefaultServlet Source Code Disclosure
| [8772] Apache Tomcat Catalina org.apache.catalina.connector.http DoS
| [7943] Apache HTTP Server mod_ssl sslkeys File Disclosure
| [7942] Apache HTTP Server mod_ssl Default Pass Phrase
| [7941] Apache HTTP Server mod_ssl Encrypted Private Key File Descriptor Leak
| [7935] Apache HTTP Server mod_ssl ssl_gcache Race Conditions
| [7934] Apache HTTP Server mod_ssl SSLSessionCache File Content Disclosure
| [7933] Apache HTTP Server mod_ssl SSLMutex File Content Disclosure
| [7932] Apache HTTP Server mod_ssl mkcert.sh File Creation Permission Weakness
| [7931] Apache HTTP Server mod_ssl X.509 Client Certificate Authentication Bypass
| [7930] Apache HTTP Server mod_ssl ssl_expr_eval_func_file() Overflow
| [7929] Apache HTTP Server mod_ssl ssl_engine_log.c mod_proxy Hook Function Remote Format String
| [7611] Apache HTTP Server mod_alias Local Overflow
| [7394] Apache Tomcat mod_jk Invalid Transfer-Encoding Chunked Field DoS
| [7203] Apache Tomcat source.jsp Traversal Arbitrary File Access
| [7039] Apache HTTP Server on Mac OS X HFS+ File System Access Bypass
| [6882] Apache mod_python Malformed Query String Variant DoS
| [6839] Apache HTTP Server mod_proxy Content-Length Overflow
12899| [6630] Apache Tomcat Java Server Pages (JSP) Engine WPrinterJob() DoS
12900| [6472] Apache HTTP Server mod_ssl ssl_util_uuencode_binary Remote Overflow
12901| [5821] Apache HTTP Server Multiple / GET Remote Overflow DoS
12902| [5580] Apache Tomcat Servlet Malformed URL JSP Source Disclosure
12903| [5552] Apache HTTP Server split-logfile Arbitrary .log File Overwrite
12904| [5526] Apache Tomcat Long .JSP URI Path Disclosure
12905| [5278] Apache Tomcat web.xml Restriction Bypass
12906| [5051] Apache Tomcat Null Character DoS
12907| [4973] Apache Tomcat servlet Mapping XSS
12908| [4650] mod_gzip for Apache HTTP Server Debug Mode Printf Stack Overflow
12909| [4649] mod_gzip for Apache HTTP Server Debug Mode Format String Overflow
12910| [4648] mod_gzip for Apache HTTP Server Debug Mode Race Condition
12911| [4568] mod_survey For Apache ENV Tags SQL Injection
12912| [4553] Apache HTTP Server ApacheBench Overflow DoS
12913| [4552] Apache HTTP Server Shared Memory Scoreboard DoS
12914| [4446] Apache HTTP Server mod_disk_cache Stores Credentials
12915| [4383] Apache HTTP Server Socket Race Condition DoS
12916| [4382] Apache HTTP Server Log Entry Terminal Escape Sequence Injection
12917| [4340] Apache Portable Runtime (APR) apr_psprintf DoS
12918| [4232] Apache Cocoon DatabaseAuthenticatorAction SQL Injection
12919| [4231] Apache Cocoon Error Page Server Path Disclosure
12920| [4182] Apache HTTP Server mod_ssl Plain HTTP Request DoS
12921| [4181] Apache HTTP Server mod_access IP Address Netmask Rule Bypass
12922| [4075] Apache HTTP Sever on Windows .var File Request Path Disclosure
12923| [4037] Apache HTTP Server on Cygwin Encoded GET Request Arbitrary File Access
12924| [3877] Apache-SSL SSLVerifyClient SSLFakeBasicAuth Client Certificate Forgery
12925| [3819] Apache HTTP Server mod_digest Cross Realm Credential Replay
12926| [3322] mod_php for Apache HTTP Server Process Hijack
12927| [3215] mod_php for Apache HTTP Server File Descriptor Leakage
12928| [2885] Apache mod_python Malformed Query String DoS
12929| [2749] Apache Cocoon view-source Sample File Traversal Arbitrary File Access
12930| [2733] Apache HTTP Server mod_rewrite Local Overflow
12931| [2672] Apache HTTP Server mod_ssl SSLCipherSuite Ciphersuite Downgrade Weakness
12932| [2613] Apache HTTP Server mod_cgi stderr Output Handling Local DoS
12933| [2149] Apache::Gallery Privilege Escalation
12934| [2107] Apache HTTP Server mod_ssl Host: Header XSS
12935| [1926] Apache HTTP Server mod_rewrite Crafted URI Rule Bypass
12936| [1833] Apache HTTP Server Multiple Slash GET Request DoS
12937| [1577] Apache HTTP Server mod_rewrite RewriteRule Expansion Arbitrary File Access
12938| [872] Apache Tomcat Multiple Default Accounts
12939| [862] Apache HTTP Server SSI Error Page XSS
12940| [859] Apache HTTP Server Win32 Crafted Traversal Arbitrary File Access
12941| [849] Apache Tomcat TroubleShooter Servlet Information Disclosure
12942| [845] Apache Tomcat MSDOS Device XSS
12943| [844] Apache Tomcat Java Servlet Error Page XSS
12944| [842] Apache HTTP Server mod_ssl ssl_compat_directive Function Overflow
12945| [838] Apache HTTP Server Chunked Encoding Remote Overflow
12946| [827] PHP4 for Apache on Windows php.exe Malformed Request Path Disclosure
12947| [775] Apache mod_python Module Importing Privilege Function Execution
12948| [769] Apache HTTP Server Win32 DOS Batch File Arbitrary Command Execution
12949| [756] Apache HTTP Server mod_ssl i2d_SSL_SESSION Function SSL Client Certificate Overflow
12950| [701] Apache HTTP Server Win32 ScriptAlias php.exe Arbitrary File Access
12951| [674] Apache Tomcat Nonexistent File Error Message Path Disclosure
12952| [637] Apache HTTP Server UserDir Directive Username Enumeration
12953| [623] mod_auth_pgsql for Apache HTTP Server User Name SQL Injection
12954| [582] Apache HTTP Server Multiviews Feature Arbitrary Directory Listing
12955| [562] Apache HTTP Server mod_info /server-info Information Disclosure
12956| [561] Apache Web Servers mod_status /server-status Information Disclosure
12957| [417] Apache HTTP Server on SuSE Linux /doc/packages Remote Information Disclosure
12958| [410] mod_perl for Apache HTTP Server /perl/ Directory Listing
12959| [404] Apache HTTP Server on SuSE Linux WebDAV PROPFIND Arbitrary Directory Listing
12960| [402] Apache HTTP Server on SuSE Linux cgi-bin-sdb Request Script Source Disclosure
12961| [379] Apache ASP module Apache::ASP source.asp Example File Arbitrary File Creation
12962| [377] Apache Tomcat Snoop Servlet Remote Information Disclosure
12963| [376] Apache Tomcat contextAdmin Arbitrary File Access
12964| [342] Apache HTTP Server for Windows Multiple Forward Slash Directory Listing
12965| [222] Apache HTTP Server test-cgi Arbitrary File Access
12966| [143] Apache HTTP Server printenv.pl Multiple Method CGI XSS
12967| [48] Apache HTTP Server on Debian /usr/doc Directory Information Disclosure
12968|_
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose
Running (JUST GUESSING): Microsoft Windows 7|2008|8.1|Vista (90%)
OS CPE: cpe:/o:microsoft:windows_7 cpe:/o:microsoft:windows_server_2008 cpe:/o:microsoft:windows_8.1 cpe:/o:microsoft:windows_vista::sp1:home_premium
Aggressive OS guesses: Microsoft Windows 7 SP1 or Windows Server 2008 (90%), Microsoft Windows 7 SP1 or Windows Server 2008 SP2 (90%), Microsoft Windows 8.1 (89%), Microsoft Windows 8.1 Update 1 (89%), Microsoft Windows Server 2008 R2 SP1 (88%), Microsoft Windows 7 SP1 (88%), Microsoft Windows Windows 7 SP1 (88%), Microsoft Windows Vista Home Premium SP1, Windows 7, or Windows Server 2008 (88%), Microsoft Windows Vista SP1 (88%), Microsoft Windows 7 Ultimate (87%)
No exact OS matches for host (test conditions non-ideal).
Uptime guess: 92.606 days (since Wed Jul 24 05:15:44 2019)
Network Distance: 22 hops
TCP Sequence Prediction: Difficulty=249 (Good luck!)
IP ID Sequence Generation: Busy server or unknown class

TRACEROUTE (using port 80/tcp)
HOP RTT ADDRESS
1 146.62 ms 10.249.204.1
2 146.69 ms 45.131.4.2
3 146.68 ms 109.236.95.228
4 146.73 ms 109.236.95.167
5 146.75 ms adm-b2-link.telia.net (62.115.148.140)
6 356.02 ms adm-bb4-link.telia.net (62.115.137.64)
7 356.05 ms ldn-bb3-link.telia.net (213.155.136.98)
8 356.05 ms nyk-bb4-link.telia.net (62.115.113.20)
9 356.02 ms sjo-b21-link.telia.net (213.155.130.129)
10 456.75 ms softbank-ic-323269-sjo-b21.c.telia.net (213.248.88.78)
11 ... 19
20 441.11 ms 219.101.222.14
21 344.94 ms nlmfgate.nikkeikin.co.jp (219.101.223.131)
22 469.89 ms www1.nikkei-buturyu.co.jp (219.101.223.158)

NSE: Script Post-scanning.
Initiating NSE at 19:49
Completed NSE at 19:49, 0.00s elapsed
Initiating NSE at 19:49
Completed NSE at 19:49, 0.00s elapsed
######################################################################################################################################
NSE: Loaded 163 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 19:49
Completed NSE at 19:49, 0.00s elapsed
Initiating NSE at 19:49
Completed NSE at 19:49, 0.00s elapsed
Initiating Parallel DNS resolution of 1 host. at 19:49
Completed Parallel DNS resolution of 1 host. at 19:49, 0.02s elapsed
Initiating SYN Stealth Scan at 19:49
Scanning www1.nikkei-buturyu.co.jp (219.101.223.158) [1 port]
Discovered open port 443/tcp on 219.101.223.158
Completed SYN Stealth Scan at 19:49, 0.39s elapsed (1 total ports)
Initiating Service scan at 19:49
Scanning 1 service on www1.nikkei-buturyu.co.jp (219.101.223.158)
Completed Service scan at 19:49, 14.73s elapsed (1 service on 1 host)
Initiating OS detection (try #1) against www1.nikkei-buturyu.co.jp (219.101.223.158)
Retrying OS detection (try #2) against www1.nikkei-buturyu.co.jp (219.101.223.158)
Initiating Traceroute at 19:49
Completed Traceroute at 19:49, 3.46s elapsed
Initiating Parallel DNS resolution of 13 hosts. at 19:49
Completed Parallel DNS resolution of 13 hosts. at 19:49, 1.07s elapsed
NSE: Script scanning 219.101.223.158.
Initiating NSE at 19:49
Completed NSE at 19:56, 397.02s elapsed
Initiating NSE at 19:56
Completed NSE at 19:56, 4.13s elapsed
Nmap scan report for www1.nikkei-buturyu.co.jp (219.101.223.158)
Host is up (0.40s latency).

PORT STATE SERVICE VERSION
443/tcp open ssl/https?
|_http-aspnet-debug: ERROR: Script execution failed (use -d to debug)
| http-brute:
|_ Path "/" does not require authentication
|_http-chrono: Request times for /; avg: 9453.62ms; min: 9254.82ms; max: 9613.65ms
|_http-csrf: Couldn't find any CSRF vulnerabilities.
|_http-devframework: Couldn't determine the underlying framework or CMS. Try increasing 'httpspider.maxpagecount' value to spider more pages.
|_http-dombased-xss: Couldn't find any DOM based XSS.
|_http-drupal-enum: Nothing found amongst the top 100 resources,use --script-args number=<number|all> for deeper analysis)
|_http-errors: ERROR: Script execution failed (use -d to debug)
|_http-feed: Couldn't find any feeds.
|_http-fetch: Please enter the complete path of the directory to save data in.
|_http-jsonp-detection: Couldn't find any JSONP endpoints.
|_http-mobileversion-checker: No mobile version detected.
| http-security-headers:
| Strict_Transport_Security:
|_ HSTS not configured in HTTPS Server
| http-sitemap-generator:
| Directory structure:
| Longest directory structure:
| Depth: 0
| Dir: /
| Total files found (by extension):
|_
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
| http-vhosts:
|_127 names had status ERROR
|_http-vuln-cve2014-3704: ERROR: Script execution failed (use -d to debug)
|_http-wordpress-enum: Nothing found amongst the top 100 resources,use --script-args search-limit=<number|all> for deeper analysis)
|_http-wordpress-users: [Error] Wordpress installation was not found. We couldn't find wp-login.php
|_http-xssed: No previously reported XSS vuln.
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose
Running (JUST GUESSING): Microsoft Windows 2008|7|Vista (91%)
OS CPE: cpe:/o:microsoft:windows_server_2008:r2:sp1 cpe:/o:microsoft:windows_7::sp1 cpe:/o:microsoft:windows_vista
Aggressive OS guesses: Microsoft Windows Server 2008 R2 SP1 (91%), Microsoft Windows Server 2008 R2 (87%), Microsoft Windows 7 SP1 (85%), Microsoft Windows Vista (85%)
No exact OS matches for host (test conditions non-ideal).
Uptime guess: 92.612 days (since Wed Jul 24 05:15:44 2019)
Network Distance: 22 hops
TCP Sequence Prediction: Difficulty=258 (Good luck!)
IP ID Sequence Generation: Busy server or unknown class

TRACEROUTE (using port 443/tcp)
HOP RTT ADDRESS
1 244.75 ms 10.249.204.1
2 344.89 ms 45.131.4.2
3 344.85 ms 109.236.95.224
4 344.92 ms 109.236.95.167
5 344.95 ms adm-b3-link.telia.net (213.248.99.192)
6 444.54 ms adm-bb4-link.telia.net (62.115.137.64)
7 444.63 ms ldn-bb3-link.telia.net (213.155.136.98)
8 444.61 ms nyk-bb4-link.telia.net (62.115.113.20)
9 444.61 ms sjo-b21-link.telia.net (62.115.119.229)
10 345.03 ms softbank-ic-323269-sjo-b21.c.telia.net (213.248.88.78)
11 ... 19
20 392.80 ms 219.101.222.14
21 339.59 ms nlmfgate.nikkeikin.co.jp (219.101.223.131)
22 349.44 ms www1.nikkei-buturyu.co.jp (219.101.223.158)

NSE: Script Post-scanning.
Initiating NSE at 19:56
Completed NSE at 19:56, 0.00s elapsed
Initiating NSE at 19:56
Completed NSE at 19:56, 0.00s elapsed
######################################################################################################################################
Version: 1.11.13-static
OpenSSL 1.0.2-chacha (1.0.2g-dev)

Connected to 219.101.223.158

Testing SSL server 219.101.223.158 on port 443 using SNI name 219.101.223.158

 TLS Fallback SCSV:
Server only supports TLSv1.0

 TLS renegotiation:
Secure session renegotiation supported

 TLS Compression:
Compression enabled (CRIME)

 Heartbleed:
TLS 1.2 not vulnerable to heartbleed
TLS 1.1 not vulnerable to heartbleed
TLS 1.0 not vulnerable to heartbleed

 Supported Server Cipher(s):
Preferred TLSv1.0 256 bits DHE-RSA-AES256-SHA DHE 1024 bits
Accepted TLSv1.0 256 bits AES256-SHA
Accepted TLSv1.0 128 bits DHE-RSA-AES128-SHA DHE 1024 bits
Accepted TLSv1.0 128 bits AES128-SHA
Accepted TLSv1.0 128 bits RC4-SHA
Accepted TLSv1.0 128 bits RC4-MD5
Accepted TLSv1.0 112 bits EDH-RSA-DES-CBC3-SHA DHE 1024 bits
Accepted TLSv1.0 112 bits DES-CBC3-SHA
Accepted TLSv1.0 56 bits EDH-RSA-DES-CBC-SHA DHE 1024 bits
Accepted TLSv1.0 56 bits DES-CBC-SHA
Accepted TLSv1.0 40 bits EXP-EDH-RSA-DES-CBC-SHA DHE 512 bits
Accepted TLSv1.0 40 bits EXP-DES-CBC-SHA RSA 512 bits
Accepted TLSv1.0 40 bits EXP-RC2-CBC-MD5 RSA 512 bits
Accepted TLSv1.0 40 bits EXP-RC4-MD5 RSA 512 bits
Preferred SSLv3 256 bits DHE-RSA-AES256-SHA DHE 1024 bits
Accepted SSLv3 256 bits AES256-SHA
Accepted SSLv3 128 bits DHE-RSA-AES128-SHA DHE 1024 bits
Accepted SSLv3 128 bits AES128-SHA
Accepted SSLv3 128 bits RC4-SHA
Accepted SSLv3 128 bits RC4-MD5
Accepted SSLv3 112 bits EDH-RSA-DES-CBC3-SHA DHE 1024 bits
Accepted SSLv3 112 bits DES-CBC3-SHA
Accepted SSLv3 56 bits EDH-RSA-DES-CBC-SHA DHE 1024 bits
Accepted SSLv3 56 bits DES-CBC-SHA
Accepted SSLv3 40 bits EXP-EDH-RSA-DES-CBC-SHA DHE 512 bits
Accepted SSLv3 40 bits EXP-DES-CBC-SHA RSA 512 bits
Accepted SSLv3 40 bits EXP-RC2-CBC-MD5 RSA 512 bits
Accepted SSLv3 40 bits EXP-RC4-MD5 RSA 512 bits
Preferred SSLv2 128 bits RC2-CBC-MD5
Accepted SSLv2 128 bits RC4-MD5
Accepted SSLv2 112 bits DES-CBC3-MD5
Accepted SSLv2 56 bits DES-CBC-MD5
Accepted SSLv2 40 bits EXP-RC2-CBC-MD5
Accepted SSLv2 40 bits EXP-RC4-MD5

 SSL Certificate:
Signature Algorithm: sha256WithRSAEncryption
RSA Key Strength: 2048

Subject: www.nikkeikin.co.jp
Altnames: DNS:www.nikkeikin.co.jp, DNS:www.nikkeikin.com, DNS:cn.nikkeikin.com, DNS:www.nikkeikinholdings.co.jp, DNS:www.nikkeikinholdings.com, DNS:cn.nikkeikinholdings.com, DNS:www.arumi-reinetsu.co.jp, DNS:www.excad.jp, DNS:www.nikkei-buturyu.co.jp, DNS:www.nikkei-metal.co.jp, DNS:www.nlm-ecal.co.jp, DNS:www.nlmna.com, DNS:www.shisaku.com, DNS:www.toyal.co.jp, DNS:www.fruehauf.co.jp, DNS:www.rikenkeikinzoku.co.jp, DNS:www.nikkeisangyo.co.jp, DNS:www.nfh-partssales.jp, DNS:nikkeikin.co.jp
Issuer: GlobalSign RSA OV SSL CA 2018

Not valid before: Sep 1 23:56:04 2019 GMT
Not valid after: Jan 30 06:46:04 2020 GMT
#####################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2019-10-24 20:01 EDT
NSE: Loaded 47 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 20:01
Completed NSE at 20:01, 0.00s elapsed
Initiating NSE at 20:01
Completed NSE at 20:01, 0.00s elapsed
Initiating Ping Scan at 20:01
Scanning 219.101.223.158 [4 ports]
Completed Ping Scan at 20:01, 0.54s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 20:01
Completed Parallel DNS resolution of 1 host. at 20:01, 0.02s elapsed
Initiating SYN Stealth Scan at 20:01
Scanning www1.nikkei-buturyu.co.jp (219.101.223.158) [65535 ports]
Discovered open port 443/tcp on 219.101.223.158
Discovered open port 80/tcp on 219.101.223.158
SYN Stealth Scan Timing: About 2.25% done; ETC: 20:24 (0:22:24 remaining)
SYN Stealth Scan Timing: About 11.32% done; ETC: 20:10 (0:07:58 remaining)
SYN Stealth Scan Timing: About 23.41% done; ETC: 20:07 (0:04:58 remaining)
SYN Stealth Scan Timing: About 38.97% done; ETC: 20:06 (0:03:10 remaining)
SYN Stealth Scan Timing: About 54.68% done; ETC: 20:05 (0:02:05 remaining)
SYN Stealth Scan Timing: About 67.21% done; ETC: 20:05 (0:01:28 remaining)
SYN Stealth Scan Timing: About 83.03% done; ETC: 20:05 (0:00:43 remaining)
Completed SYN Stealth Scan at 20:05, 250.52s elapsed (65535 total ports)
Initiating Service scan at 20:05
Scanning 2 services on www1.nikkei-buturyu.co.jp (219.101.223.158)
Completed Service scan at 20:05, 14.91s elapsed (2 services on 1 host)
Initiating OS detection (try #1) against www1.nikkei-buturyu.co.jp (219.101.223.158)
Retrying OS detection (try #2) against www1.nikkei-buturyu.co.jp (219.101.223.158)
Initiating Traceroute at 20:05
Completed Traceroute at 20:05, 0.25s elapsed
Initiating Parallel DNS resolution of 2 hosts. at 20:05
Completed Parallel DNS resolution of 2 hosts. at 20:05, 0.00s elapsed
NSE: Script scanning 219.101.223.158.
Initiating NSE at 20:05
Completed NSE at 20:06, 8.08s elapsed
Initiating NSE at 20:06
Completed NSE at 20:06, 4.09s elapsed
Nmap scan report for www1.nikkei-buturyu.co.jp (219.101.223.158)
Host is up (0.20s latency).
Not shown: 65530 filtered ports
PORT STATE SERVICE VERSION
25/tcp closed smtp
80/tcp open http Apache httpd
|_http-server-header: Apache
|_https-redirect: ERROR: Script execution failed (use -d to debug)
| vulscan: VulDB - https://vuldb.com:
| [141649] Apache OFBiz up to 16.11.05 Form Widget Freemarker Markup Code Execution
| [141648] Apache OFBiz up to 16.11.05 Application Stored cross site scripting
| [140386] Apache Commons Beanutils 1.9.2 BeanIntrospector unknown vulnerability
| [139708] Apache Ranger up to 1.2.0 Policy Import cross site scripting
| [139540] cPanel up to 60.0.24 Apache HTTP Server Key information disclosure
| [139386] Apache Tike up to 1.21 RecursiveParserWrapper Stack-based memory corruption
| [139385] Apache Tika 1.19/1.20/1.21 SAXParsers Hang denial of service
| [139384] Apache Tika up to 1.21 RecursiveParserWrapper ZIP File denial of service
| [139261] Apache Solr 8.2.0 DataImportHandler Parameter unknown vulnerability
| [139259] cPanel up to 68.0.26 WHM Apache Includes Editor information disclosure
| [139256] cPanel up to 68.0.26 WHM Apache Configuration Include Editor cross site scripting
| [139239] cPanel up to 70.0.22 Apache HTTP Server Log information disclosure
| [139141] Apache ActiveMQ Client up to 5.15.4 ActiveMQConnection.java ActiveMQConnection denial of service
| [139130] cPanel up to 73.x Apache HTTP Server Injection privilege escalation
| [138914] Venustech Apache VCL 2.1/2.2/2.3/2.4/2.5 VM sql injection
| [138913] Venustech Apache VCL 2.1/2.2/2.3/2.4/2.5 Block Argument privilege escalation
| [138912] Venustech Apache VCL 2.1/2.2/2.3/2.4/2.5 Cookie sql injection
| [138816] Apache Storm up to 1.2.2 Logviewer Daemon Log information disclosure
| [138815] Apache Storm up to 1.2.2 UI Daemon Deserialization privilege escalation
| [138164] Oracle 2.7.0.1 Apache Log4j unknown vulnerability
| [138155] Oracle Agile Engineering Data Management 6.2.0/6.2.1 Apache Tomcat unknown vulnerability
| [138151] Oracle Transportation Management 6.3.7 Apache Tomcat unknown vulnerability
| [138149] Oracle Agile Engineering Data Management 6.2.0/6.2.1 Apache Commons FileUpload unknown vulnerability
| [138131] Oracle MICROS Retail XBRi Loss Prevention 10.8.0/10.8.1/10.8.2/10.8.3 Apache Tomcat unknown vulnerability
| [138129] Oracle Retail Xstore Point of Service 7.0/7.1 Apache HTTP Server denial of service
| [138123] Oracle Retail Order Management System 5.0 Apache Struts 1 unknown vulnerability
| [138122] Oracle Retail Order Broker 5.2/15.0 Apache Tomcat unknown vulnerability
| [138121] Oracle Retail Order Broker 5.2/15.0 Apache CXF unknown vulnerability
| [138112] Oracle Retail Integration Bus 15.0/16.0 Apache Commons FileUpload unknown vulnerability
| [138111] Oracle MICROS Retail XBRi Loss Prevention 10.8.0/10.8.1/10.8.2/10.8.3 Apache Commons FileUpload unknown vulnerability
| [138103] Oracle PeopleSoft Enterprise PeopleTools 8.55/8.56/8.57 Apache WSS4J information disclosure
| [138053] Oracle JD Edwards EnterpriseOne Tools 9.2 Apache Log4j unknown vulnerability
| [138036] Oracle Insurance Rules Palette 10.0/10.1/10.2/11.0 Apache Commons FileUpload unknown vulnerability
| [138035] Oracle Insurance Policy Administration J2EE 10.0/10.1/10.2/11.0 Apache Commons FileUpload unknown vulnerability
| [138034] Oracle Insurance Calculation Engine 9.7/10.0/10.1/10.2 Apache Commons FileUpload unknown vulnerability
| [138028] Oracle Identity Manager 11.1.2.3.0/12.2.1.3.0 Apache Log4j unknown vulnerability
| [138020] Oracle BI Publisher 11.1.1.9.0 Apache Tomcat unknown vulnerability
| [138019] Oracle BI Publisher (formerly XML Publisher) 11.1.1.9.0 Apache Tomcat unknown vulnerability
| [138017] Oracle Outside In Technology 8.5.4 Apache Commons FileUpload unknown vulnerability
| [138013] Oracle Outside In Technology 8.5.4 Apache Tomcat unknown vulnerability
| [138012] Oracle Outside In Technology 8.5.4 Apache HTTP Server unknown vulnerability
| [138009] Oracle Outside In Technology 8.5.4 Apache HTTP Server unknown vulnerability
| [138008] Oracle WebLogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0 Apache Struts 1 denial of service
| [138007] Oracle WebCenter Sites 12.2.1.3.0 Apache Tomcat denial of service
| [138006] Oracle Enterprise Repository 12.1.3.0.0 Apache CXF denial of service
| [138000] Oracle WebCenter Sites 12.2.1.3.0 Apache Commons FileUpload unknown vulnerability
| [137999] Oracle WebLogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0 Apache Commons FileUpload unknown vulnerability
| [137995] Oracle Hospitality Simphony 18.2.1 Apache WSS4J information disclosure
| [137987] Oracle FLEXCUBE Universal Banking up to 12.0.3/12.4.0/14.2.0 Apache Log4j unknown vulnerability
| [137981] Oracle Insurance IFRS 17 Analyzer 8.0.6/8.0.7 Apache Commons FileUpload unknown vulnerability
| [137980] Oracle Insurance Data Foundation 8.0.4/8.0.5/8.0.6/8.0.7 Apache Commons FileUpload unknown vulnerability
| [137979] Oracle 8.0.8 Apache Commons FileUpload unknown vulnerability
| [137973] Oracle 8.0.4/8.0.5/8.0.6/8.0.7 Apache Batik unknown vulnerability
| [137970] Oracle Financial Services Profitability Management 8.0.4/8.0.5/8.0.6/8.0.7 Apache ActiveMQ unknown vulnerability
| [137967] Oracle up to 8.0.7 Apache httpd unknown vulnerability
| [137966] Oracle 8.0.7/8.0.8 Apache Groovy unknown vulnerability
| [137965] Oracle Financial Services Liquidity Risk Management 8.0.1/8.0.2/8.0.4/8.0.5/8.0.6 Apache Commons FileUpload unknown vulnerability
| [137964] Oracle 8.0.4/8.0.5/8.0.6/8.0.7 Apache Log4j unknown vulnerability
| [137933] Oracle Banking Platform up to 2.7.1 Apache Tika unknown vulnerability
| [137926] Oracle Enterprise Manager for Fusion Middleware 13.2/13.3 Apache Commons FileUpload information disclosure
| [137924] Oracle Enterprise Manager Base Platform 12.1.0.5.0/13.2.0.0.0/13.3.0.0.0 Apache Commons FileUpload unknown vulnerability
| [137914] Oracle E-Business Suite up to 12.2.8 Apache ActiveMQ unknown vulnerability
| [137913] Oracle E-Business Suite up to 12.2.8 Apache ActiveMQ unknown vulnerability
| [137911] Oracle E-Business Suite up to 12.2.8 Apache HTTP Server unknown vulnerability
| [137910] Oracle E-Business Suite up to 12.2.8 Apache CXF information disclosure
| [137909] Oracle E-Business Suite up to 12.2.8 Apache Commons FileUpload unknown vulnerability
| [137905] Oracle Primavera Gateway 15.2/16.2/17.12/18.8 Apache Tika denial of service
| [137901] Oracle Primavera Unifier up to 18.8 Apache HTTP Server unknown vulnerability
| [137895] Oracle Instant Messaging Server 10.0.1.2.0 Apache Tika information disclosure
| [137894] Oracle EAGLE (Software) 46.5/46.6/46.7 Apache Tomcat information disclosure
| [137892] Oracle Online Mediation Controller 6.1 Apache Batik denial of service
| [137891] Oracle Interactive Session Recorder 6.0/6.1/6.2 Apache Tomcat unknown vulnerability
| [137885] Oracle Diameter Signaling Router (DSR) 8.0/8.1/8.2 Apache cxf unknown vulnerability
| [137882] Oracle Unified 8.0.0.2.0 Apache Commons FileUpload unknown vulnerability
| [137881] Oracle Online Mediation Controller 6.1 Apache Commons FileUpload unknown vulnerability
| [137880] Oracle Interactive Session Recorder 6.0/6.1/6.2 Apache Log4j unknown vulnerability
| [137879] Oracle Convergence 3.0.2 Apache Commons FileUpload unknown vulnerability
| [137876] Oracle Application Session Controller 3.7.1/3.8.0 Apache Commons FileUpload unknown vulnerability
| [137829] Apache Roller 5.2.3 Math Comment Authenticator Reflected cross site scripting
| [137736] Apache Kafka 0.11.0.0/2.1.0 ACL Validation Request privilege escalation
| [136858] MakerBot Replicator 5G Printer Apache HTTP Server information disclosure
| [136849] Analogic Poste.io 2.1.6 on Apache RoundCube logs/ information disclosure
| [136822] Apache Tomcat up to 8.5.40/9.0.19 Incomplete Fix CVE-2019-0199 Resource Exhaustion denial of service
| [136808] Apache Geode up to 1.8.0 Secure Mode privilege escalation
| [136646] Apache Allura up to 1.10.x Dropdown Selector Stored cross site scripting
| [136374] Apache HTTP Server up to 2.4.38 Slash Regular Expression unknown vulnerability
| [136373] Apache HTTP Server 2.4.34/2.4.35/2.4.36/2.4.37/2.4.38 HTTP2 Request Crash denial of service
| [136372] Apache HTTP Server up to 2.4.38 HTTP2 Request unknown vulnerability
| [136370] Apache Fineract up to 1.2.x sql injection
| [136369] Apache Fineract up to 1.2.x sql injection
| [135731] Apache Hadoop up to 2.8.4/2.9.1/3.1.0 yarn privilege escalation
| [135664] Apache Tomcat up to 7.0.93/8.5.39/9.0.0.17 SSI printenv Command cross site scripting
| [135663] Apache Camel up to 2.23.x JSON-lib Library XML Data XML External Entity
| [135661] Apache Roller up to 5.2.1/5.2.0 XML-RPC Interface XML File Server-Side Request Forgery
| [135402] Apache Zookeeper up to 3.4.13/3.5.0-alpha to 3.5.4-beta getACL() information disclosure
| [135270] Apache JSPWiki up to 2.11.0.M3 Plugin Link cross site scripting
| [135269] Apache JSPWiki up to 2.11.0.M3 InterWiki Link cross site scripting
| [135268] Apache JSPWiki up to 2.11.0.M3 Attachment cross site scripting
| [134527] Apache Karaf up to 4.2.4 Config Service directory traversal
| [134416] Apache Sanselan 0.97-incubator Loop denial of service
| [134415] Apache Sanselan 0.97-incubator Hang denial of service
| [134291] Apache Axis up to 1.7.8 Server-Side Request Forgery
| [134290] Apache UIMA DUCC up to 2.2.2 cross site scripting
| [134248] Apache Archiva up to 2.2.3 Artifact Upload directory traversal
| [134247] Apache Archiva up to 2.2.3 Artifact Upload directory traversal
| [134246] Apache Camel up to 2.19/2.21.3/2.22.2/2.23.0 directory traversal
| [134138] Apache Pluto 3.0.0/3.0.1 Chat Room Demo Portlet cross site scripting
| [133992] Apache Qpid Proton up to 0.27.0 Certificate Validation Man-in-the-Middle weak authentication
| [133977] Apache Zeppelin up to 0.7.x Stored cross site scripting
| [133976] Apache Zeppelin up to 0.7.x Cron Scheduler privilege escalation
| [133975] Apache Zeppelin up to 0.7.2 Session Fixation weak authentication
| [133444] Apache PDFbox 2.0.14 XML Parser XML External Entity
| [133573] Oracle FLEXCUBE Private Banking 2.0.0.0/2.2.0.1/12.0.1.0/12.0.3.0/12.1.0.0 Apache ActiveMQ unknown vulnerability
| [133407] Apache Tomcat up to 7.0.93/8.5.39/9.0.17 on Windows JRE Command Line Argument Code Execution
| [133315] Apache Airflow up to 1.10.2 HTTP Endpoint cross site request forgery
| [133314] Apache Airflow up to 1.10.2 Metadata Database cross site scripting
| [133290] Apache Tomcat up to 8.5.37/9.0.14 HTTP2 Stream Execution denial of service
| [133112] Apache HTTP Server up to 2.4.38 mod_auth_digest race condition privilege escalation
| [133111] Apache HTTP Server 2.4.37/2.4.38 mod_ssl Bypass privilege escalation
| [133092] Airsonic 10.2.1 org.apache.commons.lang.RandomStringUtils RecoverController.java java.util.Random weak authentication
| [132568] Apache JSPWiki up to 2.11.0.M2 URL User information disclosure
| [132567] Apache JSPWiki up to 2.11.0.M2 URL cross site scripting
| [132566] Apache ActiveMQ up to 5.15.8 MQTT Frame Memory denial of service
| [132565] Apache HBase up to 2.1.3 REST Server Request privilege escalation
| [132183] Apache Mesos up to pre-1.4.x Docker Image Code Execution
| [131988] Apache Karaf up to 4.2.2 kar Deployer directory traversal
| [131859] Apache Hadoop up to 2.9.1 privilege escalation
| [131479] Apache Solr up to 7.6 HTTP GET Request Server-Side Request Forgery
| [131446] Apache Solr up to 5.0.5/6.6.5 Config API HTTP POST Request Code Execution
| [131385] Apache Qpid Broker-J up to 6.x/7.0.6/7.1.0 AMQP Command Crash denial of service
| [131315] Apache Mesos up to pre-1.4.x Mesos Masters Rendering JSON Payload Recursion denial of service
| [131236] Apache Airflow up to 1.10.1 Metadata Database cross site scripting
| [130755] Apache JSPWiki up to 2.10.5 URL cross site scripting
| [130629] Apache Guacamole Cookie Flag weak encryption
| [130628] Apache Hadoop up to 3.0.0 HDFS information disclosure
| [130529] Apache Subversion 1.10.0/1.10.1/1.10.2/1.10.3/1.11.0 mod_dav_svn Directory Crash denial of service
| [130353] Apache Open Office up to 4.1.5 Document Loader String memory corruption
| [130341] Apache HTTP Server 2.4.37 mod_ssl Loop denial of service
| [130330] Apache HTTP Server up to 2.4.37 mod_session Expired privilege escalation
| [130329] Apache HTTP Server 2.4.37 mod_http2 Slowloris denial of service
| [130212] Apache Airflow up to 1.10.0 LDAP Auth Backend Certificate weak authentication
| [130123] Apache Airflow up to 1.8.2 information disclosure
| [130122] Apache Airflow up to 1.8.2 command injection cross site request forgery
| [130121] Apache Airflow up to 1.8.2 Webserver Object Code Execution
| [129717] Oracle Secure Global Desktop 5.4 Apache HTTP Server denial of service
| [129688] Oracle Tape Library ACSLS 8.4 Apache Log4j unknown vulnerability
| [129673] Oracle Retail Returns Management 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
| [129672] Oracle Retail Central Office 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
| [129671] Oracle Retail Back Office 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
| [129574] Oracle Outside In Technology 8.5.3/8.5.4 Apache Tomcat denial of service
| [129573] Oracle WebLogic Server 10.3.6.0 Apache HTTP Server denial of service
| [129563] Oracle Enterprise Repository 12.1.3.0.0 Apache Log4j unknown vulnerability
| [129555] Oracle Outside In Technology 8.5.3 Apache Batik denial of service
| [129551] Oracle Outside In Technology 8.5.3/8.5.4 Apache Commons FileUpload denial of service
13367| [129542] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
13368| [129538] Oracle SOA Suite 12.1.3.0.0/12.2.1.3.0 Apache Batik unknown vulnerability
13369| [129519] Oracle Enterprise Manager Ops Center 12.2.2/12.3.3 Apache ActiveMQ unknown vulnerability
13370| [129508] Oracle Applications Manager up to 12.2.8 Apache Derby unknown vulnerability
| [129507] Oracle Mobile Field Service up to 12.2.8 Apache Log4j unknown vulnerability
| [129505] Oracle Email Center up to 12.2.8 Apache Log4j unknown vulnerability
| [129504] Oracle CRM Technical Foundation up to 12.2.8 Apache Commons FileUpload unknown vulnerability
| [129499] Oracle Partner Management up to 12.2.8 Apache Log4j unknown vulnerability
| [129498] Oracle Marketing up to 12.2.8 Apache Commons FileUpload unknown vulnerability
| [129480] Oracle Communications WebRTC Session Controller up to 7.1 Apache Batik unknown vulnerability
| [129479] Oracle Communications Diameter Signaling Router up to 8.2 Apache Batik unknown vulnerability
| [129474] Oracle Communications Diameter Signaling Router up to 8.2 Apache HTTP Server information disclosure
| [129472] Oracle Communications WebRTC Session Controller up to 7.1 Apache Struts 1 unknown vulnerability
| [129470] Oracle Communications Converged Application Server up to 7.0.0.0 Apache Struts 1 unknown vulnerability
| [129463] Oracle Communications WebRTC Session Controller up to 7.1 Apache Log4j unknown vulnerability
| [129461] Oracle Communications Services Gatekeeper up to 6.1.0.3.x Apache Commons Collections Fileupload unknown vulnerability
| [129460] Oracle Communications Service Broker 6.0 Apache Log4j unknown vulnerability
| [129459] Oracle Communications Policy Management up to 12.4 Apache Struts 2 unknown vulnerability
| [129458] Oracle Communications Online Mediation Controller 6.1 Apache Log4j unknown vulnerability
| [129457] Oracle Communications Diameter Signaling Router up to 8.2 Apache Commons Fileupload unknown vulnerability
| [129456] Oracle Communications Converged Application Server 6.1 Apache Log4j unknown vulnerability
| [128714] Apache Thrift Java Client Library up to 0.11.0 SASL Negotiation org.apache.thrift.transport.TSaslTransport unknown vulnerability
| [128713] Apache Thrift Node.js Static Web Server up to 0.11.0 directory traversal
| [128709] Apache Karaf up to 4.1.6/4.2.1 Features Deployer XMLInputFactory XML External Entity
| [128575] Apache NetBeans 9.0 Proxy Auto-Config Code Execution
| [128369] Apache Tika 1.8-1.19.1 SQLite3Parser Loop sql injection
| [128111] Apache NiFi 1.8.0 Template Upload Man-in-the-Middle cross site request forgery
| [128110] Apache NiFi 1.8.0 Cluster Request privilege escalation
| [128109] Apache NiFi 1.8.0 Error Page message-page.jsp Request Header cross site scripting
| [128108] Apache NiFi up to 1.7.x X-Frame-Options Header privilege escalation
| [128102] Apache Oozie up to 5.0.0 Workflow XML Impersonation spoofing
| [127994] WordPress up to 5.0.0 on Apache httpd MIME Restriction cross site scripting
| [127981] Apache OFBiz 16.11.01/16.11.02/16.11.03/16.11.04 HTTP Engine httpService GET Request privilege escalation
| [127161] Apache Hadoop 2.7.4/2.7.5/2.7.6 Incomplete Fix CVE-2016-6811 privilege escalation
| [127040] Loadbalancer.org Enterprise VA MAX up to 8.3.2 Apache HTTP Server Log cross site scripting
| [127007] Apache Spark Request Code Execution
| [126791] Apache Hadoop up to 0.23.11/2.7.6/2.8.4/2.9.1/3.0.2 ZIP File unknown vulnerability
| [126767] Apache Qpid Proton-J Transport 0.3 Certificate Verification Man-in-the-Middle weak authentication
| [126896] Apache Commons FileUpload 1.3.3 on LDAP Manager DiskFileItem File privilege escalation
| [126574] Apache Hive up to 2.3.3/3.1.0 Query privilege escalation
| [126573] Apache Hive up to 2.3.3/3.1.0 HiveServer2 privilege escalation
| [126564] Apache Superset up to 0.22 Pickle Library load Code Execution
| [126488] Apache Syncope up to 2.0.10/2.1.1 BPMN Definition xxe privilege escalation
| [126487] Apache Syncope up to 2.0.10/2.1.1 cross site scripting
| [126346] Apache Tomcat Path privilege escalation
| [125922] Apache Impala up to 3.0.0 ALTER privilege escalation
| [125921] Apache Impala up to 3.0.0 Queue Injection privilege escalation
| [125647] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Install (Apache Tomcat) information disclosure
| [125617] Oracle Retail Returns Management 14.1 Apache Batik unknown vulnerability
| [125616] Oracle Retail Point-of-Service 13.4/14.0/14.1 Apache Batik unknown vulnerability
| [125614] Oracle Retail Central Office 14.1 Apache Batik unknown vulnerability
| [125613] Oracle Retail Back Office 13.3/13.4/14/14.1 Apache Batik unknown vulnerability
| [125599] Oracle Retail Open Commerce Platform 5.3.0/6.0.0/6.0.1 Apache Log4j unknown vulnerability
| [125569] Oracle PeopleSoft Enterprise PeopleTools 8.55/8.56 Apache HTTP Server information disclosure
| [125494] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat information disclosure
| [125447] Oracle Business Intelligence Enterprise Edition 11.1.1.7.0/11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Apache Batik unknown vulnerability
| [125428] Oracle Identity Management Suite 11.1.2.3.0/12.2.1.3.0 Apache Log4j unknown vulnerability
| [125427] Oracle Identity Analytics 11.1.1.5.8 Apache Log4j unknown vulnerability
| [125424] Oracle API Gateway 11.1.2.4.0 Apache Log4j unknown vulnerability
| [125423] Oracle BI Publisher 11.1.1.7.0/11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Apache Log4j unknown vulnerability
| [125383] Oracle up to 10.2.0 Apache Trinidad unknown vulnerability
| [125379] Oracle up to 10.1.x Apache Struts 1 cross site scripting
| [125377] Oracle up to 10.2.0 Apache Commons Collections unknown vulnerability
| [125376] Oracle Communications Application Session Controller up to 3.7.0 Apache Commons Collections unknown vulnerability
| [125375] Oracle Communications User Data Repository up to 12.1.x Apache Xerces memory corruption
| [125248] Apache ActiveMQ up to 5.15.5 Web-based Administration Console queue.jsp Parameter cross site scripting
| [125133] Apache Tika up to 1.19 XML Parser reset() denial of service
| [124877] Apache PDFbox up to 2.0.11 PDF File denial of service
| [124876] Apache Ranger up to 1.1.x UnixAuthenticationService Stack-based memory corruption
| [124791] Apache Tomcat up to 7.0.90/8.5.33/9.0.11 URL Open Redirect
| [124787] Apache Pony Mail 0.7/0.8/0.9 Statistics Generator Timestamp Data information disclosure
| [124447] Apache HTTP Server up to 2.4.34 SETTINGS Frame denial of service
| [124346] Apache Mesos pre-1.4.2/1.5.0/1.5.1/1.6.0 on Executor HTTP API String Comparison validation JSON Web Token information disclosure
| [124286] Apache Tika up to 1.18 IptcAnpaParser Loop denial of service
| [124242] Apache Tika up to 0.18 C:/evil.bat" Directory unknown vulnerability
| [124241] Apache Tika up to 0.18 XML Parser Entity Expansion denial of service
| [124191] Apache Karaf up to 3.0.8/4.0.8/4.1.0 WebConsole .../gogo/ weak authentication
| [124190] Apache Karaf up to 4.1.x sshd privilege escalation
| [124152] Apache Camel Mail up to 2.22.0 Path directory traversal
| [124143] Apache SpamAssassin up to 3.4.1 PDFInfo Plugin Code Execution
| [124134] Apache SpamAssassin up to 3.4.1 Scan Engine HTML::Parser Email denial of service
| [124095] PHP up to 5.6.37/7.0.31/7.1.21/7.2.9 Apache2 sapi_apache2.c php_handler cross site scripting
| [124024] Apache Mesos 1.4.x/1.5.0 libprocess JSON Payload denial of service
| [123814] Apache ActiveMQ Client up to 5.15.5 TLS Hostname Verification Man-in-the-Middle weak authentication
| [123393] Apache Traffic Server up to 6.2.2/7.1.3 ESI Plugin Config privilege escalation
| [123392] Apache Traffic Server 6.2.2 TLS Handshake Segmentation Fault denial of service
| [123391] Apache Traffic Server up to 6.2.2/7.1.3 Range Request Performance denial of service
| [123390] Apache Traffic Server up to 6.2.2/7.1.3 Request HTTP Smuggling privilege escalation
| [123369] Apache Traffic Server up to 6.2.2/7.1.3 ACL remap.config Request denial of service
| [123197] Apache Sentry up to 2.0.0 privilege escalation
| [123145] Apache Struts up to 2.3.34/2.5.16 Namespace Code Execution
| [123144] Apache Cayenne up to 4.1.M1 CayenneModeler XML File File Transfer privilege escalation
| [122981] Apache Commons Compress 1.7 ZipArchiveInputStream ZIP Archive denial of service
| [122889] Apache HTTP Server up to 2.2.31/2.4.23 mod_userdir HTTP Response Splitting privilege escalation
| [122800] Apache Spark 1.3.0 REST API weak authentication
| [122642] Apache Airflow up to 1.8.x 404 Page Reflected cross site scripting
| [122568] Apache Tomcat up to 8.5.31/9.0.9 Connection Reuse weak authentication
| [122567] Apache Axis 1.0./1.1/1.2/1.3/1.4 cross site scripting
| [122556] Apache Tomcat up to 7.0.86/8.0.51/8.5.30/9.0.7 UTF-8 Decoder Loop denial of service
| [122531] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.9 WebSocket Client unknown vulnerability
| [122456] Apache Camel up to 2.20.3/2.21.0 XSD Validator XML External Entity
| [122455] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Revoked Certificate weak authentication
| [122454] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Responder Revoked Certificate weak authentication
| [122214] Apache Kafka up to 0.9.0.1/0.10.2.1/0.11.0.2/1.0.0 Broker Request Data Loss denial of service
| [122202] Apache Kafka up to 0.10.2.1/0.11.0.1 SASL Impersonation spoofing
| [122101] Docker Skeleton Runtime for Apache OpenWhisk Docker Action dockerskeleton:1.3.0 privilege escalation
| [122100] PHP Runtime for Apache OpenWhisk Docker Action action-php-v7.2:1.0.0 privilege escalation
| [122012] Apache Ignite up to 2.5 Serialization privilege escalation
| [121911] Apache Ambari up to 2.5.x/2.6.2 Log Message Credentials information disclosure
| [121910] Apache HTTP Server 2.4.33 mod_md HTTP Requests denial of service
| [121854] Oracle Tape Library ACSLS up to ACSLS 8.4.0-2 Apache Commons Collections unknown vulnerability
| [121752] Oracle Insurance Policy Administration 10.0/10.1/10.2/11.0 Apache Log4j unknown vulnerability
| [121370] Apache Spark up to 2.1.2/2.2.1/2.3.0 URL cross site scripting
| [121354] Apache CouchDB HTTP API Code Execution
| [121144] Apache LDAP API up to 1.0.1 SSL Filter information disclosure
| [121143] Apache Storm up to 0.10.2/1.0.6/1.1.2/1.2.1 Cluster privilege escalation
| [120436] Apache CXF Fediz up to 1.4.3 Application Plugin unknown vulnerability
| [120310] Apache PDFbox up to 1.8.14/2.0.10 AFMParser Loop denial of service
| [120168] Apache CXF weak authentication
| [120080] Apache Cassandra up to 3.11.1 JMX/RMI Interface RMI Request privilege escalation
| [120043] Apache HBase up to 1.2.6.0/1.3.2.0/1.4.4/2.0.0 Thrift 1 API Server weak authentication
| [119723] Apache Qpid Broker-J 7.0.0/7.0.1/7.0.2/7.0.3/7.0.4 AMQP Messages Crash denial of service
| [122569] Apache HTTP Server up to 2.4.33 HTTP2 Request denial of service
| [119486] Apache Geode up to 1.4.0 Security Manager Code Execution
| [119306] Apache MXNet Network Interface privilege escalation
| [118999] Apache Storm up to 1.0.6/1.1.2/1.2.1 Archive directory traversal
| [118996] Apache Storm up to 1.0.6/1.1.2/1.2.1 Daemon spoofing
| [118644] Apple macOS up to 10.13.5 apache_mod_php unknown vulnerability
| [118200] Apache Batik up to 1.9 Deserialization unknown vulnerability
| [118143] Apache NiFi activemq-client Library Deserialization denial of service
| [118142] Apache NiFi 1.6.0 SplitXML xxe privilege escalation
| [118051] Apache Zookeeper up to 3.4.9/3.5.3-beta weak authentication
| [117997] Apache ORC up to 1.4.3 ORC File Recursion denial of service
| [117825] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.8 CORS Filter privilege escalation
| [117405] Apache Derby up to 10.14.1.0 Network Server Network Packet privilege escalation
| [117347] Apache Ambari up to 2.6.1 HTTP Request directory traversal
| [117265] LibreOffice/Apache Office Writer SMB Connection XML Document information disclosure
| [117143] Apache uimaj/uima-as/uimaFIT/uimaDUCC XML XXE information disclosure
| [117117] Apache Tika up to 1.17 ChmParser Loop denial of service
| [117116] Apache Tika up to 1.17 BPGParser Loop denial of service
| [117115] Apache Tika up to 1.17 tika-server command injection
| [116929] Apache Fineract getReportType Parameter privilege escalation
| [116928] Apache Fineract REST Endpoint Parameter privilege escalation
| [116927] Apache Fineract MakercheckersApiResource Parameter sql injection
| [116926] Apache Fineract REST Parameter privilege escalation
| [116574] Apache wicket-jquery-ui up to 6.29.0/7.10.1/8.0.0-M9.1 WYSIWYG Editor privilege escalation
| [116622] Oracle Enterprise Manager for MySQL Database 12.1.0.4 EM Plugin: General (Apache Tomcat) unknown vulnerability
| [115931] Apache Solr up to 6.6.2/7.2.1 XML Data Parameter XML External Entity
| [115883] Apache Hive up to 2.3.2 privilege escalation
| [115882] Apache Hive up to 2.3.2 xpath_short information disclosure
| [115881] Apache DriverHive JDBC Driver up to 2.3.2 Escape Argument Bypass privilege escalation
| [115518] Apache Ignite 2.3 Deserialization privilege escalation
| [115260] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache cross site scripting
| [115259] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache Cookie Stack-based memory corruption
| [115500] CA Workload Control Center up to r11.4 SP5 Apache MyFaces Component Code Execution
| [115121] Apache Struts REST Plugin up to 2.5.15 Xstream XML Data denial of service
| [115061] Apache HTTP Server up to 2.4.29 HTTP Digest Authentication Challenge HTTP Requests Replay privilege escalation
| [115060] Apache HTTP Server up to 2.4.29 mod_cache_socache Request Header Crash denial of service
| [115059] Apache HTTP Server up to 2.4.29 HTTP2 NULL Pointer Dereference denial of service
| [115058] Apache HTTP Server up to 2.4.29 HTTP Header Crash denial of service
| [115057] Apache HTTP Server up to 2.4.29 mod_session Variable Name Cache privilege escalation
| [115039] Apache HTTP Server up to 2.4.29 FilesMatch File Upload privilege escalation
| [115038] Apache HTTP Server up to 2.0.65/2.2.34/2.4.29 mod_authnz_ldap Crash denial of service
| [114817] Apache Syncope up to 1.2.10/2.0.7 Search Parameter information disclosure
| [114816] Apache Syncope up to 1.2.10/2.0.7 XSLT Code Execution
| [114717] Apache Commons 1.11/1.12/1.13/1.14/1.15 ZIP Archive ZipFile/ZipArchiveInputStream denial of service
| [114661] Apache Allura up to 1.8.0 HTTP Response Splitting privilege escalation
| [114400] Apache Tomcat JK ISAPI Connector up to 1.2.42 IIS/ISAPI privilege escalation
| [114258] Apache HTTP Server up to 2.4.22 mod_cluster Segmentation Fault denial of service
| [114086] Apache ODE 1.3.3 ODE Process Deployment Web Service directory traversal
| [113955] Apache Xerces-C up to 3.2.0 XML Parser NULL Pointer Dereference denial of service
| [113945] Apache Tomcat up to 7.0.84/8.0.49/8.5.27/9.0.4 URL Pattern Empty String privilege escalation
| [113944] Apache OpenMeetings up to 3.x/4.0.1 CRUD Operation denial of service
| [113905] Apache Traffic Server up to 5.2.x/5.3.2/6.2.0/7.0.0 TLS Handshake Core Dump denial of service
| [113904] Apache Traffic Server up to 6.2.0 Host Header privilege escalation
| [113895] Apache Geode up to 1.3.x Code Execution
| [113894] Apache Geode up to 1.3.x TcpServer Code Execution
| [113888] Apache James Hupa WebMail 0.0.2 cross site scripting
| [113813] Apache Geode Cluster up to 1.3.x Secure Mode privilege escalation
| [113747] Apache Tomcat Servlets privilege escalation
| [113647] Apache Qpid up to 0.30 qpidd Broker AMQP Message Crash denial of service
| [113645] Apache VCL up to 2.1/2.2.1/2.3.1 Web GUI/XMLRPC API privilege escalation
| [113560] Apache jUDDI Console 3.0.0 Log Entries spoofing
| [113571] Apache Oozie up to 4.3.0/5.0.0-beta1 XML Data XML File privilege escalation
| [113569] Apache Karaf up to 4.0.7 LDAPLoginModule LDAP injection denial of service
| [113273] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
| [113198] Apache Qpid Dispatch Router 0.7.0/0.8.0 AMQP denial of service
| [113186] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
| [113145] Apache Thrift up to 0.9.3 Go Client Library privilege escalation
| [113106] Apache jUDDI up to 3.3.3 XML Data WADL2Java/WSDL2Java XML Document privilege escalation
| [113105] Apache Qpid Broker-J 7.0.0 AMQP Crash denial of service
| [112885] Apache Allura up to 1.8.0 File information disclosure
| [112856] Apache CloudStack up to 4.8.1.0/4.9.0.0 API weak authentication
| [112855] Apache CloudStack 4.1.0/4.1.1 API information disclosure
| [112678] Apache Tomcat up to 7.0.82/8.0.47/8.5.23/9.0.1 Bug Fix 61201 privilege escalation
| [112677] Apache Tomcat Native Connector up to 1.1.34/1.2.14 OCSP Checker Client weak authentication
| [112625] Apache POI up to 3.16 Loop denial of service
| [112448] Apache NiFi up to 1.3.x Deserialization privilege escalation
| [112396] Apache Hadoop 2.7.3/2.7.4 YARN NodeManager Credentials information disclosure
| [112339] Apache NiFi 1.5.0 Header privilege escalation
| [112330] Apache NiFi 1.5.0 Header HTTP Request privilege escalation
| [112314] NetGain Enterprise Manager 7.2.730 Build 1034 org.apache.jsp.u.jsp.tools.exec_jsp Servlet Parameter privilege escalation
| [112253] Apache Hadoop up to 0.23.x/2.7.4/2.8.2 MapReduce Job History Server Configuration File privilege escalation
| [112171] Oracle Secure Global Desktop 5.3 Apache Log4j privilege escalation
| [112164] Oracle Agile PLM 9.3.5/9.3.6 Apache Tomcat unknown vulnerability
| [112161] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Tomcat privilege escalation
| [112158] Oracle Autovue for Agile Product Lifecycle Management 21.0.0/21.0.1 Apache Log4j privilege escalation
| [112156] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Log4j privilege escalation
| [112155] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Apache Log4j privilege escalation
| [112137] Oracle MICROS Relate CRM Software 10.8.x/11.4.x/15.0.x, Apache Tomcat unknown vulnerability
| [112136] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat privilege escalation
| [112133] Oracle Retail Workforce Management 1.60.7/1.64.0 Apache Log4j privilege escalation
| [112129] Oracle Retail Assortment Planning 14.1.3/15.0.3/16.0.1 Apache Log4j privilege escalation
| [112114] Oracle 9.1 Apache Log4j privilege escalation
| [112113] Oracle 9.1 Apache Log4j privilege escalation
| [112045] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat privilege escalation
| [112038] Oracle Health Sciences Empirica Inspections 1.0.1.1 Apache Tomcat information disclosure
| [112019] Oracle Endeca Information Discovery Integrator 3.1.0/3.2.0 Apache Tomcat privilege escalation
| [112017] Oracle WebCenter Portal 11.1.1.9.0/12.2.1.2.0/12.2.1.3.0 Apache Struts 1 cross site scripting
| [112011] Oracle Identity Manager 11.1.2.3.0 Apache Commons Collections privilege escalation
| [111950] Oracle Database 12.2.0.1 Apache Tomcat information disclosure
| [111703] Apache Sling XSS Protection API 1.0.4 URL Encoding cross site scripting
| [111556] Apache Geode up to 1.2.x Secure Mode Parameter OQL privilege escalation
| [111555] Apache Geode up to 1.2.x Secure Mode OQL privilege escalation
| [111540] Apache Geode up to 1.2.x Secure Mode information disclosure
| [111519] Apache Sling JCR ContentLoader 2.1.4 xmlreader directory traversal
| [111338] Apache DeltaSpike-JSF 1.8.0 cross site scripting
| [111330] Apache OFBiz 16.11.01/16.11.02/16.11.03 BIRT Plugin cross site scripting
| [110789] Apache Sling up to 1.4.0 Authentication Service Credentials information disclosure
| [110785] Apache Drill up to 1.11.0 Query Page unknown vulnerability
| [110701] Apache Fineract Query Parameter sql injection
| [110484] Apache Synapse up to 3.0.0 Apache Commons Collections Serialized Object Code Injection privilege escalation
| [110426] Adobe Experience Manager 6.0/6.1/6.2/6.3 Apache Sling Servlets Post cross site scripting
| [110141] Apache Struts up to 2.5.14 REST Plugin denial of service
| [110140] Apache Qpid Broker-J up to 0.32 privilege escalation
| [110139] Apache Qpid Broker-J up to 6.1.4 AMQP Frame denial of service
| [110106] Apache CXF Fediz Spring cross site request forgery
| [109766] Apache OpenOffice up to 4.1.3 DOC File Parser WW8Fonts memory corruption
| [109750] Apache OpenOffice up to 4.1.3 DOC File Parser ImportOldFormatStyles memory corruption
| [109749] Apache OpenOffice up to 4.1.3 PPT File Parser PPTStyleSheet memory corruption
| [109606] October CMS Build 412 Apache Configuration File Upload privilege escalation
| [109419] Apache Camel up to 2.19.3/2.20.0 camel-castor Java Object Deserialization privilege escalation
| [109418] Apache Camel up to 2.19.3/2.20.0 camel-hessian Java Object Deserialization privilege escalation
| [109400] Apache CouchDB up to 1.6.x/2.1.0 Database Server Shell privilege escalation
| [109399] Apache CouchDB up to 1.6.x/2.1.0 JSON Parser Shell privilege escalation
| [109398] Apache CXF 3.1.14/3.2.1 JAX-WS/JAX-RS Attachment denial of service
| [108872] Apache Hive up to 2.1.1/2.2.0/2.3.0 Policy Enforcement privilege escalation
| [108939] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108938] Apple macOS up to 10.13.1 apache denial of service
| [108937] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108936] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108935] Apple macOS up to 10.13.1 apache denial of service
| [108934] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108933] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108932] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108931] Apple macOS up to 10.13.1 apache denial of service
| [108930] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108929] Apple macOS up to 10.13.1 apache denial of service
| [108928] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108797] Apache Struts up to 2.3.19 TextParseUtiltranslateVariables OGNL Expression privilege escalation
| [108795] Apache Traffic Server up to 5.3.0 HTTP2 set_dynamic_table_size memory corruption
| [108794] Apache WSS4J up to 1.6.16/2.0.1 Incomplete Fix Leak information disclosure
| [108793] Apache Qpid up to 0.30 qpidd Crash denial of service
| [108792] Apache Traffic Server up to 5.1.0 Access Restriction privilege escalation
| [108791] Apache Wicket up to 1.5.11/6.16.x/7.0.0-M2 Session information disclosure
| [108790] Apache Storm 0.9.0.1 Log Viewer directory traversal
| [108789] Apache Cordova In-App-Browser Standalone Plugin up to 0.3.1 on iOS CDVInAppBrowser privilege escalation
| [108788] Apache Cordova File-Transfer Standalone Plugin up to 0.4.1 on iOS ios/CDVFileTransfer.m spoofing
| [108787] Apache HttpClient up to 4.3.0 HttpClientBuilder.java unknown vulnerability
| [108786] Apache Wicket up to 1.4.21/1.5.9/6.3.x script Tag cross site scripting
| [108783] Apache Hadoop up to 0.23.3/1.0.3/2.0.1 Kerberos Security Feature Key weak encryption
| [108782] Apache Xerces2 XML Service denial of service
| [108781] Apache jUDDI up to 1.x happyjuddi.jsp Parameter cross site scripting
| [108780] Apache jUDDI up to 1.x Log File uddiget.jsp spoofing
| [108709] Apache Cordova Android up to 3.7.1/4.0.1 intent URL privilege escalation
| [108708] Apache ActiveMQ up to 5.10.0 XML Data XML External Entity
| [108707] Apache ActiveMQ up to 1.7.0 XML Data XML External Entity
| [108629] Apache OFBiz up to 10.04.01 privilege escalation
| [108543] Apache Derby 10.1.2.1/10.2.2.0/10.3.1.4/10.4.1.3 Export File privilege escalation
| [108312] Apache HTTP Server on RHEL IP Address Filter privilege escalation
| [108297] Apache NiFi up to 0.7.1/1.1.1 Proxy Chain Username Deserialization privilege escalation
| [108296] Apache NiFi up to 0.7.1/1.1.1 Cluster Request privilege escalation
| [108250] Oracle Secure Global Desktop 5.3 Apache HTTP Server memory corruption
| [108245] Oracle Transportation Management up to 6.3.7 Apache Tomcat unknown vulnerability
| [108244] Oracle Transportation Management 6.4.1/6.4.2 Apache Commons FileUpload denial of service
| [108243] Oracle Agile Engineering Data Management 6.1.3/6.2.0 Apache Commons Collections memory corruption
| [108222] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Batik denial of service
| [108219] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat unknown vulnerability
| [108217] Oracle Retail Store Inventory Management 13.2.9/14.0.4/14.1.3/15.0.1/16.0.1 Apache Groovy unknown vulnerability
| [108216] Oracle Retail Convenience and Fuel POS Software 2.1.132 Apache Groovy unknown vulnerability
| [108169] Oracle MySQL Enterprise Monitor up to 3.2.8.2223/3.3.4.3247/3.4.2.4181 Apache Tomcat unknown vulnerability
| [108113] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Batik denial of service
| [108107] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat unknown vulnerability
| [108102] Oracle Healthcare Master Person Index 4.x Apache Groovy unknown vulnerability
| [108085] Oracle Identity Manager 11.1.2.3.0 Apache Struts 1 memory corruption
| [108083] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
| [108080] Oracle GlassFish Server 3.1.2 Apache Commons FileUpload denial of service
| [108066] Oracle Management Pack for GoldenGate 11.2.1.0.12 Apache Tomcat memory corruption
| [108062] Oracle BI Publisher 11.1.1.7.0/12.2.1.1.0/12.2.1.2.0 Apache ActiveMQ memory corruption
| [108060] Oracle Enterprise Manager Ops Center 12.2.2/12.3.2 Apache Groovy unknown vulnerability
| [108033] Oracle Primavera Unifier 9.13/9.14/10.x/15.x/16.x, Apache Groovy unknown vulnerability
| [108013] Oracle Communications WebRTC Session Controller 7.0/7.1/7.2 Apache Groovy unknown vulnerability
| [108011] Oracle Communications Services Gatekeeper 5.1/6.0 Apache Trinidad unknown vulnerability
| [107904] Apache Struts up to 2.3.28 Double OGNL Evaluation privilege escalation
| [107860] Apache Solr up to 7.0 Apache Lucene RunExecutableListener XML External Entity
| [107834] Apache Ranger up to 0.6.1 Change Password privilege escalation
| [107639] Apache NiFi 1.4.0 XML External Entity
| [107606] Apache ZooKeper up to 3.4.9/3.5.2 Command CPU Exhaustion denial of service
| [107597] Apache Roller up to 5.0.2 XML-RPC Protocol Support XML External Entity
| [107429] Apache Impala up to 2.9.x Kudu Table privilege escalation
| [107411] Apache Tomcat up to 7.0.81/8.0.46/8.5.22/9.0.0 JSP File File Upload privilege escalation
| [107385] Apache Geode up to 1.2.0 Secure Mode privilege escalation
| [107339] Apache OpenNLP up to 1.5.3/1.6.0/1.7.2/1.8.1 XML Data XML External Entity
| [107333] Apache Wicket up to 8.0.0-M1 CSRF Prevention HTTP Header privilege escalation
| [107323] Apache Wicket 1.5.10/6.13.0 Class Request information disclosure
| [107310] Apache Geode up to 1.2.0 Command Line Utility Query privilege escalation
| [107276] ArcSight ESM/ArcSight ESM Express up to 6.9.1c Patch 3/6.11.0 Apache Tomcat Version information disclosure
| [107266] Apache Tika up to 1.12 XML Parser XML External Entity
| [107262] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
| [107258] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
| [107197] Apache Xerces Jelly Parser XML File XML External Entity
| [107193] ZTE NR8950 Apache Commons Collections RMI Request Deserialization privilege escalation
| [107084] Apache Struts up to 2.3.19 cross site scripting
| [106877] Apache Struts up to 2.0.33/2.5.10 Freemarker Tag privilege escalation
| [106875] Apache Struts up to 2.5.5 URL Validator denial of service
| [106874] Apache Struts up to 2.3.30 Convention Plugin directory traversal
| [106847] Apache Tomcat up to 7.0.80 VirtualDirContext Source information disclosure
| [106846] Apache Tomcat up to 7.0.79 on Windows HTTP PUT Method Parameter File Upload privilege escalation
| [106777] Apache HTTP Server up to 2.2.34/2.4.27 Limit Directive ap_limit_section HTTP Request information disclosure
| [106739] puppetlabs-apache up to 1.11.0/2.0.x weak authentication
| [106720] Apache Wicket up to 1.5.12/6.18.x/7.0.0-M4 CryptoMapper privilege escalation
| [106586] Apache Brooklyn up to 0.9.x REST Server cross site scripting
| [106562] Apache Spark up to 2.1.1 Launcher API Deserialization privilege escalation
| [106559] Apache Brooklyn up to 0.9.x SnakeYAML YAML Data Java privilege escalation
| [106558] Apache Brooklyn up to 0.9.x REST Server cross site request forgery
| [106556] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
| [106555] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
| [106171] Apache Directory LDAP API up to 1.0.0-M30 Timing unknown vulnerability
| [106167] Apache Struts up to 2.5.12 REST Plugin XML Data privilege escalation
| [106166] Apache Struts up to 2.3.33/2.5.12 REST Plugin denial of service
| [106165] Apache Struts up to 2.3.33/2.5.12 URLValidator Regex CPU Exhaustion denial of service
| [106115] Apache Hadoop up to 2.6.4/2.7.2 YARN NodeManager Password information disclosure
| [106012] Apache Solr up to 5.5.3/6.4.0 Replication directory traversal
| [105980] Apache Engine 16.11.01 Parameter Reflected unknown vulnerability
| [105962] Apache Atlas 0.6.0/0.7.0 Frame cross site scripting
| [105961] Apache Atlas 0.6.0/0.7.0 Stack Trace information disclosure
| [105960] Apache Atlas 0.6.0/0.7.0 Search Reflected cross site scripting
| [105959] Apache Atlas 0.6.0/0.7.0 edit Tag DOM cross site scripting
| [105958] Apache Atlas 0.6.0/0.7.0 edit Tag Stored cross site scripting
| [105957] Apache Atlas 0.6.0/0.7.0 Cookie privilege escalation
| [105905] Apache Atlas 0.6.0/0.7.0/0.7.1 /js privilege escalation
| [105878] Apache Struts up to 2.3.24.0 privilege escalation
| [105682] Apache2Triad 1.5.4 phpsftpd/users.php Parameter cross site scripting
| [105681] Apache2Triad 1.5.4 phpsftpd/users.php Request cross site request forgery
| [105680] Apache2Triad 1.5.4 Parameter Session Fixation weak authentication
| [105643] Apache Pony Mail up to 0.8b weak authentication
| [105288] Apache Sling up to 2.3.21 Sling.evalString() String cross site scripting
| [105219] Apache Tomcat up to 8.5.15/9.0.0.M21 HTTP2 Bypass directory traversal
13725| [105218] Apache Tomcat up to 7.0.78/8.0.44/8.5.15/9.0.0.M21 CORS Filter Cache Poisoning privilege escalation
13726| [105215] Apache CXF up to 3.0.12/3.1.9 OAuth2 Hawk/JOSE MAC Validation Timing unknown vulnerability
13727| [105206] Apache CXF up to 3.0.11/3.1.8 JAX-RS Module XML External Entity
13728| [105205] Apache CXF up to 3.0.11/3.1.8 HTTP Transport Module Parameter cross site scripting
13729| [105202] Apache Storm 1.0.0/1.0.1/1.0.2/1.0.3/1.1.0 Worker privilege escalation
13730| [104987] Apache Xerces-C++ XML Service CPU Exhaustion denial of service
13731| [104986] Apache CXF 2.4.5/2.5.1 WS-SP UsernameToken Policy SOAP Request weak authentication
13732| [104985] Apache MyFaces Core up to 2.1.4 EL Expression Parameter Injection information disclosure
13733| [104983] Apache Wink up to 1.1.1 XML Document xxe privilege escalation
13734| [104981] Apache Commons Email 1.0/1.1/1.2/1.3/1.4 Subject Linebreak SMTP privilege escalation
13735| [104591] MEDHOST Document Management System Apache Solr Default Credentials weak authentication
13736| [104062] Oracle MySQL Enterprise Monitor up to 3.3.3.1199 Apache Tomcat unknown vulnerability
13737| [104061] Oracle MySQL Enterprise Monitor up to 3.2.7.1204/3.3.3.1199 Apache Tomcat unknown vulnerability
13738| [104060] Oracle MySQL Enterprise Monitor up to 3.1.5.7958/3.2.5.1141/3.3.2.1162 Apache Struts 2 unknown vulnerability
13739| [103995] Oracle 8.3/8.4/15.1/15.2 Apache Trinidad unknown vulnerability
13740| [103993] Oracle Policy Automation up to 12.2.3 Apache Commons FileUplaod denial of service
13741| [103916] Oracle Banking Platform 2.3/2.4/2.4.1/2.5 Apache Commons FileUpload denial of service
13742| [103906] Oracle Communications BRM 11.2.0.0.0 Apache Commons Collections privilege escalation
13743| [103904] Oracle Communications BRM 11.2.0.0.0/11.3.0.0.0 Apache Groovy memory corruption
13744| [103866] Oracle Transportation Management 6.1/6.2 Apache Webserver unknown vulnerability
13745| [103816] Oracle BI Publisher 11.1.1.9.0/12.2.1.1.0/12.2.1.2.0 Apache Commons Fileupload denial of service
13746| [103797] Oracle Tuxedo System and Applications Monitor Apache Commons Collections privilege escalation
13747| [103792] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Commons Fileupload privilege escalation
13748| [103791] Oracle Endeca Server 7.6.0.0/7.6.1.0 Apache Commons Collections privilege escalation
13749| [103788] Oracle Enterprise Repository 11.1.1.7.0/12.1.3.0.0 Apache ActiveMQ memory corruption
13750| [103787] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Groovy memory corruption
13751| [103763] Apache Sling up to 1.0.11 XSS Protection API XSS.getValidXML() Application XML External Entity
13752| [103762] Apache Sling up to 1.0.12 XSS Protection API XSSAPI.encodeForJSString() Script Tag cross site scripting
13753| [103693] Apache OpenMeetings 1.0.0 HTTP Method privilege escalation
13754| [103692] Apache OpenMeetings 1.0.0 Tomcat Error information disclosure
13755| [103691] Apache OpenMeetings 3.2.0 Parameter privilege escalation
13756| [103690] Apache OpenMeetings 1.0.0 sql injection
13757| [103689] Apache OpenMeetings 1.0.0 crossdomain.xml privilege escalation
13758| [103688] Apache OpenMeetings 1.0.0 weak encryption
13759| [103687] Apache OpenMeetings 1.0.0 cross site request forgery
13760| [103556] Apache Roller 5.1.0/5.1.1 Weblog Page Template VTL privilege escalation
13761| [103554] Apache OpenMeetings 1.0.0 Password Update unknown vulnerability
13762| [103553] Apache OpenMeetings 1.0.0 File Upload privilege escalation
13763| [103552] Apache OpenMeetings 3.2.0 Chat cross site scripting
13764| [103551] Apache OpenMeetings 3.1.0 XML unknown vulnerability
13765| [103521] Apache HTTP Server 2.4.26 HTTP2 Free memory corruption
13766| [103520] Apache HTTP Server up to 2.2.33/2.4.26 mod_auth_digest Authorization Header memory corruption
13767| [103519] Apache Struts up to 2.5.11/2.3.32 Spring AOP denial of service
13768| [103518] Apache Struts up to 2.5.11 URLValidator directory traversal
13769| [103492] Apache Spark up to 2.1.x Web UI Reflected cross site scripting
13770| [103401] Apache Struts 2.3.x Struts 1 Plugin ActionMessage privilege escalation
13771| [103399] Apache Traffic Control Traffic Router TCP Connection Slowloris denial of service
13772| [103387] Apache Impala up to 2.8.0 StatestoreSubscriber weak encryption
13773| [103386] Apache Impala up to 2.7.x/2.8.0 Kerberos weak authentication
13774| [103352] Apache Solr Node weak authentication
13775| [102897] Apache Ignite up to 2.0 Update Notifier information disclosure
13776| [102878] Code42 CrashPlan 5.4.x RMI Server org.apache.commons.ssl.rmi.DateRMI privilege escalation
13777| [102698] Apache HTTP Server up to 2.2.32/2.4.25 mod_mime Content-Type memory corruption
13778| [102697] Apache HTTP Server 2.2.24/2.2.32 HTTP Strict Parsing ap_find_token Request Header memory corruption
13779| [102690] Apache HTTP Server up to 2.2.32/2.4.25 mod_ssl ap_hook_process_connection() denial of service
13780| [102689] Apache HTTP Server up to 2.2.32/2.4.25 ap_get_basic_auth_pw weak authentication
13781| [102622] Apache Thrift up to 0.9.2 Client Libraries skip denial of service
13782| [102538] Apache Ranger up to 0.7.0 Authorizer unknown vulnerability
13783| [102537] Apache Ranger up to 0.7.0 Wildcard Character unknown vulnerability
13784| [102536] Apache Ranger up to 0.6 Stored cross site scripting
13785| [102535] Apache Ranger up to 0.6.2 Policy Engine unknown vulnerability
13786| [102255] Apache NiFi up to 0.7.3/1.2.x Response Header privilege escalation
13787| [102254] Apache NiFi up to 0.7.3/1.2.x UI cross site scripting
13788| [102070] Apache CXF Fediz up to 1.1.2/1.2.0 Application Plugin denial of service
13789| [102020] Apache Tomcat up to 9.0.0.M1 Java Servlet HTTP Method unknown vulnerability
13790| [101858] Apache Hive up to 1.2.1/2.0.0 Client weak authentication
13791| [101802] Apache KNOX up to 0.11.0 WebHDFS privilege escalation
13792| [101928] HPE Aruba ClearPass Apache Tomcat information disclosure
13793| [101524] Apache Archiva up to 1.x/2.2.1 REST Endpoint cross site request forgery
13794| [101513] Apache jUDDI 3.1./3.1.2/3.1.3/3.1.4 Logout Open Redirect
13795| [101430] Apache CXF Fediz up to 1.3.1 OIDC Service cross site request forgery
13796| [101429] Apache CXF Fediz up to 1.2.3/1.3.1 Plugins cross site request forgery
13797| [100619] Apache Hadoop up to 2.6.x HDFS Servlet unknown vulnerability
13798| [100618] Apache Hadoop up to 2.7.0 HDFS Web UI cross site scripting
13799| [100621] Adobe ColdFusion 10/11/2016 Apache BlazeDS Library Deserialization privilege escalation
13800| [100205] Oracle MySQL Enterprise Monitor up to 3.1.6.8003/3.2.1182/3.3.2.1162 Apache Commons FileUpload denial of service
13801| [100191] Oracle Secure Global Desktop 4.71/5.2/5.3 Web Server (Apache HTTP Server) information disclosure
13802| [100162] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Commons Collections privilege escalation
13803| [100160] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Trinidad unknown vulnerability
13804| [99969] Oracle WebCenter Sites 11.1.1.8.0 Apache Tomcat memory corruption
13805| [99937] Apache Batik up to 1.8 privilege escalation
13806| [99936] Apache FOP up to 2.1 privilege escalation
13807| [99935] Apache CXF up to 3.0.12/3.1.10 STSClient Cache information disclosure
13808| [99934] Apache CXF up to 3.0.12/3.1.10 JAX-RS XML Security Streaming Client spoofing
13809| [99930] Apache Traffic Server up to 6.2.0 denial of service
13810| [99929] Apache Log4j up to 2.8.1 Socket Server Deserialization privilege escalation
13811| [99925] Apache Traffic Server 6.0.0/6.1.0/6.2.0 HPACK Bomb denial of service
13812| [99738] Ping Identity OpenID Connect Authentication Module up to 2.13 on Apache Mod_auth_openidc.c spoofing
13813| [117569] Apache Hadoop up to 2.7.3 privilege escalation
13814| [99591] Apache TomEE up to 1.7.3/7.0.0-M2 EjbObjectInputStream Serialized Object privilege escalation
13815| [99370] Apache Ignite up to 1.8 update-notifier Document XML External Entity
13816| [99299] Apache Geode up to 1.1.0 Pulse OQL Query privilege escalation
13817| [99572] Apache Tomcat up to 7.0.75/8.0.41/8.5.11/9.0.0.M17 Application Listener privilege escalation
13818| [99570] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP Connector Cache information disclosure
13819| [99569] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP/2 GOAWAY Frame Resource Exhaustion denial of service
13820| [99568] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 Pipelined Request information disclosure
13821| [99048] Apache Ambari up to 2.3.x REST API Shell Metacharacter privilege escalation
13822| [99014] Apache Camel Jackson/JacksonXML privilege escalation
13823| [98610] Apple macOS up to 10.12.3 apache_mod_php memory corruption
13824| [98609] Apple macOS up to 10.12.3 apache_mod_php denial of service
13825| [98608] Apple macOS up to 10.12.3 apache_mod_php memory corruption
13826| [98607] Apple macOS up to 10.12.3 apache_mod_php denial of service
13827| [98606] Apple macOS up to 10.12.3 apache_mod_php denial of service
13828| [98605] Apple macOS up to 10.12.3 Apache denial of service
13829| [98604] Apple macOS up to 10.12.3 Apache denial of service
13830| [98603] Apple macOS up to 10.12.3 Apache denial of service
13831| [98602] Apple macOS up to 10.12.3 Apache denial of service
13832| [98601] Apple macOS up to 10.12.3 Apache denial of service
13833| [98517] Apache POI up to 3.14 OOXML File XXE denial of service
13834| [98405] Apache Hadoop up to 0.23.10 privilege escalation
13835| [98199] Apache Camel Validation XML External Entity
13836| [97892] Apache Tomcat up to 9.0.0.M15 Reverse-Proxy Http11InputBuffer.java information disclosure
13837| [97617] Apache Camel camel-snakeyaml Deserialization privilege escalation
13838| [97602] Apache Camel camel-jackson/camel-jacksonxml CamelJacksonUnmarshalType privilege escalation
13839| [97732] Apache Struts up to 2.3.31/2.5.10 Jakarta Multipart Parser Content-Type privilege escalation
13840| [97466] mod_auth_openidc up to 2.1.5 on Apache weak authentication
13841| [97455] mod_auth_openidc up to 2.1.4 on Apache weak authentication
13842| [97081] Apache Tomcat HTTPS Request denial of service
13843| [97162] EMC OpenText Documentum D2 BeanShell/Apache Commons privilege escalation
13844| [96949] Hanwha Techwin Smart Security Manager up to 1.5 Redis/Apache Felix Gogo privilege escalation
13845| [96314] Apache Cordova up to 6.1.1 on Android weak authentication
13846| [95945] Apple macOS up to 10.12.2 apache_mod_php denial of service
13847| [95944] Apple macOS up to 10.12.2 apache_mod_php denial of service
13848| [95943] Apple macOS up to 10.12.2 apache_mod_php memory corruption
13849| [95666] Oracle FLEXCUBE Direct Banking 12.0.0/12.0.1/12.0.2/12.0.3 Apache Commons Collections privilege escalation
13850| [95455] Apache NiFi up to 1.0.0/1.1.0 Connection Details Dialogue cross site scripting
13851| [95311] Apache Storm UI Daemon privilege escalation
13852| [95291] ZoneMinder 1.30.0 Apache httpd privilege escalation
13853| [94800] Apache Wicket up to 1.5.16/6.24.x Deserialize DiskFileItem denial of service
13854| [94705] Apache Qpid Broker for Java up to 6.1.0 SCRAM-SHA-1/SCRAM-SHA-256 User information disclosure
13855| [94627] Apache HTTP Server up to 2.4.24 mod_auth_digest Crash denial of service
13856| [94626] Apache HTTP Server up to 2.4.24 mod_session_crypto Padding weak encryption
13857| [94625] Apache HTTP Server up to 2.4.24 Response Split privilege escalation
13858| [94540] Apache Tika 1.9 tika-server File information disclosure
13859| [94600] Apache ActiveMQ up to 5.14.1 Administration Console cross site scripting
13860| [94348] Apple macOS up to 10.12.1 apache_mod_php denial of service
13861| [94347] Apple macOS up to 10.12.1 apache_mod_php denial of service
13862| [94346] Apple macOS up to 10.12.1 apache_mod_php denial of service
13863| [94345] Apple macOS up to 10.12.1 apache_mod_php denial of service
13864| [94344] Apple macOS up to 10.12.1 apache_mod_php denial of service
13865| [94343] Apple macOS up to 10.12.1 apache_mod_php memory corruption
13866| [94342] Apple macOS up to 10.12.1 apache_mod_php memory corruption
13867| [94128] Apache Tomcat up to 9.0.0.M13 Error information disclosure
13868| [93958] Apache HTTP Server up to 2.4.23 mod_http2 h2_stream.c denial of service
13869| [93874] Apache Subversion up to 1.8.16/1.9.4 mod_dontdothat XXE denial of service
13870| [93855] Apache Hadoop up to 2.6.4/2.7.2 HDFS Service privilege escalation
13871| [93609] Apache OpenMeetings 3.1.0 RMI Registry privilege escalation
13872| [93555] Apache Tika 1.6-1.13 jmatio MATLAB File privilege escalation
13873| [93799] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
13874| [93798] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
13875| [93797] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 HTTP Split privilege escalation
13876| [93796] Apache Tomcat up to 8.5.6/9.0.0.M11 HTTP/2 Header Parser denial of service
13877| [93532] Apache Commons Collections Library Java privilege escalation
13878| [93210] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 ResourceLinkFactory privilege escalation
13879| [93209] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Realm Authentication User information disclosure
13880| [93208] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 System Property Replacement information disclosure
13881| [93207] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Utility Method privilege escalation
13882| [93206] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Configuration privilege escalation
13883| [93098] Apache Commons FileUpload privilege escalation
13884| [92987] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Commons Collection memory corruption
13885| [92986] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Tomcat memory corruption
13886| [92982] Oracle Insurance IStream 4.3.2 Apache Commons Collections memory corruption
13887| [92981] Oracle Financial Services Lending and Leasing 14.1.0/14.2.0 Apache Commons Collections memory corruption
13888| [92979] Oracle up to 8.0.3 Apache Commons Collections memory corruption
13889| [92977] Oracle FLEXCUBE Universal Banking up to 12.2.0 Apache Commons Collections memory corruption
13890| [92976] Oracle FLEXCUBE Universal Banking 12.87.1/12.87.2 Apache Commons Collections memory corruption
13891| [92975] Oracle FLEXCUBE Private Banking up to 12.1.0 Apache Commons Collections memory corruption
13892| [92974] Oracle FLEXCUBE Investor Servicing 12.0.1 Apache Commons Collections memory corruption
13893| [92973] Oracle 12.0.0/12.1.0 Apache Commons Collections memory corruption
13894| [92972] Oracle FLEXCUBE Core Banking 11.5.0.0.0/11.6.0.0.0 Apache Commons Collections memory corruption
13895| [92962] Oracle Agile PLM 9.3.4/9.3.5 Apache Commons Collections memory corruption
13896| [92909] Oracle Agile PLM 9.3.4/9.3.5 Apache Tomcat unknown vulnerability
13897| [92786] Oracle Banking Digital Experience 15.1 Apache Commons Collections information disclosure
13898| [92549] Apache Tomcat on Red Hat privilege escalation
13899| [92509] Apache Tomcat JK ISAPI Connector up to 1.2.41 jk_uri_worker_map.c memory corruption
13900| [92314] Apache MyFaces Trinidad up to 1.0.13/1.2.15/2.0.1/2.1.1 CoreResponseStateManager memory corruption
13901| [92313] Apache Struts2 up to 2.3.28/2.5.0 Action Name Cleanup cross site request forgery
13902| [92299] Apache Derby up to 10.12.1.0 SqlXmlUtil XML External Entity
13903| [92217] Apache ActiveMQ Artemis up to 1.3.x Broker/REST GetObject privilege escalation
13904| [92174] Apache Ranger up to 0.6.0 Policy cross site scripting
13905| [91831] Apache Jackrabbit up to 2.13.2 HTTP Header cross site request forgery
13906| [91825] Apache Zookeeper up to 3.4.8/3.5.2 C CLI Shell memory corruption
13907| [91818] Apache CXF Fediz up to 1.2.2/1.3.0 Application Plugin privilege escalation
13908| [92056] Apple macOS up to 10.11 apache_mod_php memory corruption
13909| [92055] Apple macOS up to 10.11 apache_mod_php memory corruption
13910| [92054] Apple macOS up to 10.11 apache_mod_php denial of service
13911| [92053] Apple macOS up to 10.11 apache_mod_php denial of service
13912| [92052] Apple macOS up to 10.11 apache_mod_php denial of service
13913| [92051] Apple macOS up to 10.11 apache_mod_php memory corruption
13914| [92050] Apple macOS up to 10.11 apache_mod_php denial of service
13915| [92049] Apple macOS up to 10.11 apache_mod_php memory corruption
13916| [92048] Apple macOS up to 10.11 apache_mod_php denial of service
13917| [92047] Apple macOS up to 10.11 apache_mod_php memory corruption
13918| [92046] Apple macOS up to 10.11 apache_mod_php memory corruption
13919| [92045] Apple macOS up to 10.11 apache_mod_php memory corruption
13920| [92044] Apple macOS up to 10.11 apache_mod_php memory corruption
13921| [92043] Apple macOS up to 10.11 apache_mod_php denial of service
13922| [92042] Apple macOS up to 10.11 apache_mod_php memory corruption
13923| [92041] Apple macOS up to 10.11 apache_mod_php memory corruption
13924| [92040] Apple macOS up to 10.11 Apache Proxy privilege escalation
13925| [91785] Apache Shiro up to 1.3.1 Servlet Filter privilege escalation
13926| [90879] Apache OpenMeetings up to 3.1.1 SWF Panel cross site scripting
13927| [90878] Apache Sentry up to 1.6.x Blacklist Filter reflect/reflect2/java_method privilege escalation
13928| [90610] Apache POI up to 3.13 XLSX2CSV Example OpenXML Document XML External Entity
13929| [90584] Apache ActiveMQ up to 5.11.3/5.12.2/5.13/1 Administration Web Console privilege escalation
13930| [90385] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site scripting
13931| [90384] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site request forgery
13932| [90383] Apache OpenOffice up to 4.1.2 Impress File memory corruption
13933| [89670] Apache Tomcat up to 8.5.4 CGI Servlet Environment Variable Open Redirect
13934| [89669] Apache HTTP Server up to 2.4.23 RFC 3875 Namespace Conflict Environment Variable Open Redirect
13935| [89726] Apple Mac OS X up to 10.11.5 apache_mod_php memory corruption
13936| [89484] Apache Qpid up to 0.13.0 on Windows Proton Library Certificate weak authentication
13937| [89473] HPE iMC PLAT/EAD/APM/iMC NTA/iMC BIMS/iMC UAM_TAM up to 7.2 Apache Commons Collections Library Command privilege escalation
13938| [90263] Apache Archiva Header denial of service
13939| [90262] Apache Archiva Deserialize privilege escalation
13940| [90261] Apache Archiva XML DTD Connection privilege escalation
13941| [88827] Apache Xerces-C++ up to 3.1.3 DTD Stack-Based memory corruption
13942| [88747] Apache HTTP Server 2.4.17/2.4.18 mod_http2 denial of service
13943| [88608] Apache Struts up to 2.3.28.1/2.5.0 URLValidator Null Value denial of service
13944| [88607] Apache Struts up to 2.3.28.1 REST Plugin Expression privilege escalation
13945| [88606] Apache Struts up to 2.3.28.1 Restriction privilege escalation
13946| [88605] Apache Struts up to 2.3.28.1 Restriction privilege escalation
13947| [88604] Apache Struts up to 2.3.28.1 Token Validator cross site request forgery
13948| [88603] Apache Commons FileUpload up to 1.3.1 MultipartStream denial of service
13949| [88602] Apache Struts up to 1.3.10 ActionServlet.java cross site scripting
13950| [88601] Apache Struts up to 1.3.10 Multithreading ActionServlet.java memory corruption
13951| [88600] Apache Struts up to 1.3.10 MultiPageValidator privilege escalation
13952| [89005] Apache Qpid AMQP JMS Client getObject privilege escalation
13953| [87888] Apache Ranger up to 0.5.2 Policy Admin Tool eventTime sql injection
13954| [87835] Apache CloudStack up to 4.5.2.0/4.6.2.0/4.7.1.0/4.8.0.0 SAML-based Authentication privilege escalation
13955| [87806] HPE Discovery and Dependency Mapping Inventory up to 9.32 update 3 Apache Commons Collections Library privilege escalation
13956| [87805] HPE Universal CMDB up to 10.21 Apache Commons Collections Library privilege escalation
13957| [87768] Apache Shiro up to 1.2.4 Cipher Key privilege escalation
13958| [87765] Apache James Server 2.3.2 Command privilege escalation
13959| [88667] Apache HTTP Server up to 2.4.20 mod_http2 Certificate weak authentication
13960| [87718] Apache Struts up to 2.3.24.1 OGNL Caching denial of service
13961| [87717] Apache Struts up to 2.3.28 REST Plugin privilege escalation
13962| [87706] Apache Qpid Java up to 6.0.2 AMQP privilege escalation
13963| [87703] Apache Qbid Java up to 6.0.2 PlainSaslServer.java denial of service
13964| [87702] Apache ActiveMQ up to 5.13.x Fileserver Web Application Upload privilege escalation
13965| [87700] Apache PDFbox up to 1.8.11/2.0.0 XML Parser PDF Document XML External Entity
13966| [87679] HP Release Control 9.13/9.20/9.21 Apache Commons Collections Library Java Object privilege escalation
13967| [87540] Apache Ambari up to 2.2.0 File Browser View information disclosure
13968| [87433] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
13969| [87432] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
13970| [87431] Apple Mac OS X up to 10.11.4 apache_mod_php Format String
13971| [87430] Apple Mac OS X up to 10.11.4 apache_mod_php denial of service
13972| [87429] Apple Mac OS X up to 10.11.4 apache_mod_php information disclosure
13973| [87428] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
13974| [87427] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
13975| [87389] Apache Xerces C++ up to 3.1.3 XML Document DTDScanner.cpp memory corruption
13976| [87172] Adobe ColdFusion 11 Update 7/2016/up to 10 Update 18 Apache Commons Collections Library privilege escalation
13977| [87121] Apache Cordova iOS up to 3.x Plugin privilege escalation
13978| [87120] Apache Cordova iOS up to 3.x URL Whitelist privilege escalation
13979| [83806] HPE Network Node Manager i up to 10.01 Apache Commons Collections Library privilege escalation
13980| [83077] Apache Subversion up to 1.8.15/1.9.3 mod_authz_svn mod_authz_svn.c denial of service
13981| [83076] Apache Subversion up to 1.8.15/1.9.3 svnserve svnserve/cyrus_auth.c privilege escalation
13982| [82790] Apache Struts 2.0.0/2.3.24/2.3.28 Dynamic Method privilege escalation
13983| [82789] Apache Struts 2.0.0/2.3.24/2.3.28 XSLTResult privilege escalation
13984| [82725] HPE P9000 Command View up to 7.x/8.4.0 Apache Commons Collections Library privilege escalation
13985| [82444] Apache Camel up to 2.14.x/2.15.4/2.16.0 HTTP Request privilege escalation
13986| [82389] Apache Subversion up to 1.7.x/1.8.14/1.9.2 mod_dav_svn util.c memory corruption
13987| [82280] Apache Struts up to 1.7 JRE URLDecoder cross site scripting
13988| [82260] Apache OFBiz up to 12.04.05/13.07.02 Java Object privilege escalation
13989| [82259] Apache Qpid Proton up to 0.12.0 proton.reactor.Connector weak encryption
13990| [82250] Apache Ranger up to 0.5.0 Admin UI weak authentication
13991| [82214] Apache Wicket up to 1.5.14/6.21.x/7.1.x Input Element cross site scripting
13992| [82213] Apache Wicket up to 1.5.14/6.21.x/7.1.x ModalWindow Title getWindowOpenJavaScript cross site scripting
13993| [82212] Apache Ranger up to 0.5.0 Policy Admin Tool privilege escalation
13994| [82211] Apache OFBiz up to 12.04.06/13.07.02 ModelFormField.java DisplayEntityField.getDescription cross site scripting
13995| [82082] Apache JetSpeed up to 2.3.0 User Manager Service privilege escalation
13996| [82081] Apache OpenMeetings up to 3.1.0 SOAP API information disclosure
13997| [82080] Apache OpenMeetings up to 3.1.0 Event cross site scripting
13998| [82078] Apache OpenMeetings up to 3.1.0 Import/Export System Backup ZIP Archive directory traversal
13999| [82077] Apache OpenMeetings up to 3.1.0 Password Reset sendHashByUser privilege escalation
14000| [82076] Apache Ranger up to 0.5.1 privilege escalation
14001| [82075] Apache JetSpeed up to 2.3.0 Portal cross site scripting
14002| [82074] Apache JetSpeed up to 2.3.0 cross site scripting
14003| [82073] Apache JetSpeed up to 2.3.0 User Manager Service sql injection
14004| [82072] Apache JetSpeed up to 2.3.0 Portal Site Manager ZIP Archive directory traversal
14005| [82058] Apache LDAP Studio/Directory Studio up to 2.0.0-M9 CSV Export privilege escalation
14006| [82053] Apache Ranger up to 0.4.x Policy Admin Tool privilege escalation
14007| [82052] Apache Ranger up to 0.4.x Policy Admin Tool HTTP Request cross site scripting
14008| [81696] Apache ActiveMQ up to 5.13.1 HTTP Header privilege escalation
14009| [81695] Apache Xerces-C up to 3.1.2 internal/XMLReader.cpp memory corruption
14010| [81622] HPE Asset Manager 9.40/9.41/9.50 Apache Commons Collections Library Java Object privilege escalation
14011| [81406] HPE Service Manager up to 9.35 P3/9.41 P1 Apache Commons Collections Library Command privilege escalation
14012| [81405] HPE Operations Orchestration up to 10.50 Apache Commons Collections Library Command privilege escalation
14013| [81427] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
14014| [81426] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
14015| [81372] Apache Struts up to 2.3.24.1 I18NInterceptor cross site scripting
14016| [81371] Apache Struts up to 2.3.24.1 Double OGNL Evaluation privilege escalation
14017| [81370] Apache Struts up to 2.3.24.1 Java URLDecoder cross site scripting
14018| [81084] Apache Tomcat 6.0/7.0/8.0/9.0 ServletContext directory traversal
14019| [81083] Apache Tomcat 7.0/8.0/9.0 Index Page cross site request forgery
14020| [81082] Apache Tomcat 7.0/8.0/9.0 ResourceLinkFactory.setGlobalContext privilege escalation
14021| [81081] Apache Tomcat 6.0/7.0/8.0/9.0 Error information disclosure
14022| [81080] Apache Tomcat 6.0/7.0/8.0/9.0 Session Persistence privilege escalation
14023| [81079] Apache Tomcat 6.0/7.0/8.0/9.0 StatusManagerServlet information disclosure
14024| [81078] Apache Tomcat 7.0/8.0/9.0 Session privilege escalation
14025| [80970] Apache Solr up to 5.3.0 Admin UI plugins.js cross site scripting
14026| [80969] Apache Solr up to 5.2 Schema schema-browser.js cross site scripting
14027| [80968] Apache Solr up to 5.0 analysis.js cross site scripting
14028| [80940] HP Continuous Delivery Automation 1.30 Apache Commons Collections Library privilege escalation
14029| [80823] Apache CloudStack up to 4.5.1 KVM Virtual Machine Migration privilege escalation
14030| [80822] Apache CloudStack up to 4.5.1 API Call information disclosure
14031| [80778] Apache Camel up to 2.15.4/2.16.0 camel-xstream privilege escalation
14032| [80750] HPE Operations Manager 8.x/9.0 on Windows Apache Commons Collections Library privilege escalation
14033| [80724] Apache Hive up to 1.2.1 Authorization Framework privilege escalation
14034| [80577] Oracle Secure Global Desktop 4.63/4.71/5.2 Apache HTTP Server denial of service
14035| [80165] Intel McAfee ePolicy Orchestrator up to 4.6.9/5.0.3/5.3.1 Apache Commons Collections Library privilege escalation
14036| [80116] Apache Subversion up to 1.9.2 svn Protocol libsvn_ra_svn/marshal.c read_string memory corruption
14037| [80115] Apache ActiveMQ up to 5.12.x Broker Service privilege escalation
14038| [80036] IBM Cognos Business Intelligence Apache Commons Collections Library InvokerTransformer privilege escalation
14039| [79873] VMware vCenter Operations/vRealize Orchestrator Apache Commons Collections Library Serialized Java Object privilege escalation
14040| [79840] Apache Cordova File Transfer Plugin up to 1.2.x on Android unknown vulnerability
14041| [79839] Apache TomEE Serialized Java Stream EjbObjectInputStream privilege escalation
14042| [79791] Cisco Products Apache Commons Collections Library privilege escalation
14043| [79539] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
| [79538] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
| [79294] Apache Cordova-Android up to 3.6 BridgeSecret Random Generator weak encryption
| [79291] Apache Cordova-Android up to 4.0 Javascript Whitelist privilege escalation
| [79244] Apache CXF up to 2.7.17/3.0.7/3.1.2 SAML Web SSO Module SAML Response weak authentication
| [79243] Oracle WebLogic Server 10.3.6.0/12.1.2.0/12.1.3.0/12.2.1.0 WLS Security com.bea.core.apache.commons.collections.jar privilege escalation
| [78989] Apache Ambari up to 2.1.1 Open Redirect
| [78988] Apache Ambari up to 2.0.1/2.1.0 Password privilege escalation
| [78987] Apache Ambari up to 2.0.x cross site scripting
| [78986] Apache Ambari up to 2.0.x Proxy Endpoint api/v1/proxy privilege escalation
| [78780] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
| [78779] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
| [78778] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78777] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78776] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78775] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78774] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78297] Apache Commons Components HttpClient up to 4.3.5 HTTPS Timeout denial of service
| [77406] Apache Flex BlazeDS AMF Message XML External Entity
| [77429] Apache ActiveMQ up to 5.10.0 LDAPLoginModule privilege escalation
| [77399] Apache ActiveMQ up to 5.10.0 LDAPLoginModule weak authentication
| [77375] Apache Tapestry up to 5.3.5 Client-Side Object Storage privilege escalation
| [77331] Apache ActiveMQ up to 5.11.1 on Windows Fileserver Upload/Download directory traversal
| [77299] Apache Solr Real-Time Module up to 7.x-1.1 Index Content information disclosure
| [77247] Apache ActiveMQ up to 5.10 TransportConnection.java processControlCommand denial of service
| [77083] Apache Groovy up to 2.4.3 MethodClosure.java MethodClosure memory corruption
| [76953] Apache Subversion 1.7.0/1.8.0/1.8.10 svn_repos_trace_node_locations information disclosure
| [76952] Apache Subversion 1.7.0/1.8.0/1.8.10 mod_authz_svn anonymous/authenticated information disclosure
| [76567] Apache Struts 2.3.20 unknown vulnerability
| [76733] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 ap_some_auth_required unknown vulnerability
| [76732] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 Request apr_brigade_flatten privilege escalation
| [76731] Apache HTTP Server 2.4.12 ErrorDocument 400 Crash denial of service
| [75690] Apache Camel up to 2.13.3/2.14.1 XPathBuilder.java XML External Entity
| [75689] Apache Camel up to 2.13.3/2.14.1 XML Converter Setup XmlConverter.java SAXSource privilege escalation
| [75668] Apache Sling API/Sling Servlets Post up to 2.2.1 HtmlResponse cross site scripting
| [75601] Apache Jackrabbit up to 2.10.0 WebDAV Request XML External Entity
| [75420] Apache Tomcat up to 6.0.43/7.0.58/8.0.16 Security Manager privilege escalation
| [75145] Apache OpenOffice up to 4.1.1 HWP Filter Crash denial of service
| [75032] Apache Tomcat Connectors up to 1.2.40 mod_jk privilege escalation
| [75135] PHP 5.4/5.5 HTTP Request sapi_apache2.c apache2handler privilege escalation
| [74793] Apache Tomcat File Upload denial of service
| [74708] Apple MacOS X up to 10.10.2 Apache denial of service
| [74707] Apple MacOS X up to 10.10.2 Apache denial of service
| [74706] Apple MacOS X up to 10.10.2 Apache memory corruption
| [74705] Apple MacOS X up to 10.10.2 Apache denial of service
| [74704] Apple MacOS X up to 10.10.2 Apache denial of service
| [74703] Apple MacOS X up to 10.10.2 Apache denial of service
| [74702] Apple MacOS X up to 10.10.2 Apache denial of service
| [74701] Apple MacOS X up to 10.10.2 Apache cross site request forgery
| [74700] Apple MacOS X up to 10.10.2 Apache unknown vulnerability
| [74661] Apache Flex up to 4.14.0 asdoc index.html cross site scripting
| [74609] Apache Cassandra up to 1.2.19/2.0.13/2.1.3 JMX/RMI Interface privilege escalation
| [74469] Apache Xerces-C up to 7.0 internal/XMLReader.cpp denial of service
| [74468] Apache Batik up to 1.6 denial of service
| [74414] Apache Mod-gnutls up to 0.5.1 Authentication spoofing
| [74371] Apache Standard Taglibs up to 1.2.0 memory corruption
| [74367] Apache HTTP Server up to 2.4.12 mod_lua lua_request.c wsupgrade denial of service
| [74174] Apache WSS4J up to 2.0.0 privilege escalation
| [74172] Apache ActiveMQ up to 5.5.0 Administration Console cross site scripting
| [69092] Apache Tomcat up to 6.0.42/7.0.54/8.0.8 HTTP Request Smuggling privilege escalation
| [73831] Apache Qpid up to 0.30 Access Restriction unknown vulnerability
| [73731] Apache XML Security unknown vulnerability
| [68660] Oracle BI Publisher 10.1.3.4.2/11.1.1.7 Apache Tomcat cross site scripting
| [73659] Apache CloudStack up to 4.3.0 Stack-Based unknown vulnerability
| [73593] Apache Traffic Server up to 5.1.0 denial of service
| [73511] Apache POI up to 3.10 Deadlock denial of service
| [73510] Apache Solr up to 4.3.0 cross site scripting
| [68447] Apache Subversion up to 1.7.18/1.8.10 mod_dav_svn Crash denial of service
| [68446] Apache Subversion up to 1.7.18/1.8.10 REPORT Request Crash denial of service
| [73173] Apache CloudStack Stack-Based unknown vulnerability
| [68357] Apache Struts up to 2.3.16.3 Random Number Generator cross site request forgery
| [73106] Apache Hadoop up to 2.4.0 Symlink privilege escalation
| [68575] Apache HTTP Server up to 2.4.10 LuaAuthzProvider mod_lua.c privilege escalation
| [72890] Apache Qpid 0.30 unknown vulnerability
| [72887] Apache Hive 0.13.0 File Permission privilege escalation
| [72878] Apache Cordova 3.5.0 cross site request forgery
| [72877] Apache Cordova 3.5.0 cross site request forgery
| [72876] Apache Cordova 3.5.0 cross site request forgery
| [68435] Apache HTTP Server 2.4.10 mod_proxy_fcgi.c handle_headers denial of service
| [68065] Apache CXF up to 3.0.1 JAX-RS SAML denial of service
| [68064] Apache CXF up to 3.0.0 SAML Token denial of service
| [67913] Oracle Retail Markdown Optimization 12.0/13.0/13.1/13.2/13.4 Apache commons-beanutils-1.8.0.jar memory corruption
| [67912] Oracle Retail Invoice Matching up to 14.0 Apache commons-beanutils-1.8.0.jar memory corruption
| [67911] Oracle Retail Clearance Optimization Engine 13.3/13.4/14.0 Apache commons-beanutils-1.8.0.jar memory corruption
| [67910] Oracle Retail Allocation up to 13.2 Apache commons-beanutils-1.8.0.jar memory corruption
| [71835] Apache Shiro 1.0.0/1.1.0/1.2.0/1.2.1/1.2.2 unknown vulnerability
| [71633] Apachefriends XAMPP 1.8.1 cross site scripting
| [71629] Apache Axis2/C spoofing
| [67633] Apple Mac OS X up to 10.9.4 apache_mod_php ext/standard/dns.c dns_get_record memory corruption
| [67631] Apple Mac OS X up to 10.9.4 apache_mod_php Symlink memory corruption
| [67630] Apple Mac OS X up to 10.9.4 apache_mod_php cdf_read_property_info denial of service
| [67629] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_count_chain denial of service
| [67628] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_check_stream_offset denial of service
| [67627] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c mconvert memory corruption
| [67626] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c denial of service
| [67625] Apple Mac OS X up to 10.9.4 apache_mod_php Crash denial of service
| [67624] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_property_info denial of service
| [67623] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_unpack_summary_info denial of service
| [67622] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_short_sector denial of service
| [67620] Apple Mac OS X up to 10.9.4 apache_mod_php magic/Magdir/commands denial of service
| [67790] Apache HTTP Server mod_cache NULL Pointer Dereference denial of service
| [67522] Apache Tomcat up to 7.0.39 JSP Upload privilege escalation
| [70809] Apache POI up to 3.11 Crash denial of service
| [70808] Apache POI up to 3.10 unknown vulnerability
| [70806] Apache Commons-httpclient 4.2/4.2.1/4.2.2 spoofing
| [70749] Apache Axis up to 1.4 getCN spoofing
| [70701] Apache Traffic Server up to 3.3.5 denial of service
| [70700] Apache OFBiz up to 12.04.03 cross site scripting
| [67402] Apache OpenOffice 4.0.0/4.0.1/4.1.0 Calc privilege escalation
| [67401] Apache OpenOffice up to 4.1.0 OLE Object information disclosure
| [70661] Apache Subversion up to 1.6.17 denial of service
| [70660] Apache Subversion up to 1.6.17 spoofing
| [70659] Apache Subversion up to 1.6.17 spoofing
| [67183] Apache HTTP Server up to 2.4.9 mod_proxy denial of service
| [67180] Apache HTTP Server up to 2.4.9 WinNT MPM Memory Leak denial of service
| [67185] Apache HTTP Server up to 2.4.9 mod_status Heap-Based memory corruption
| [67184] Apache HTTP Server 2.4.5/2.4.6 mod_cache NULL Pointer Dereference denial of service
| [67182] Apache HTTP Server up to 2.4.9 mod_deflate Memory Consumption denial of service
| [67181] Apache HTTP Server up to 2.4.9 mod_cgid denial of service
| [70338] Apache Syncope up to 1.1.7 unknown vulnerability
| [70295] Apache CXF up to 2.7.9 Cleartext information disclosure
| [70106] Apache Open For Business Project up to 10.04.0 getServerError cross site scripting
| [70105] Apache MyFaces up to 2.1.5 JavaServer Faces directory traversal
| [69846] Apache HBase up to 0.94.8 information disclosure
| [69783] Apache CouchDB up to 1.2.0 memory corruption
| [13383] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 XML Parser privilege escalation
| [13300] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi setuid privilege escalation
| [13299] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi Content-Type Header information disclosure
| [13164] Apache CXF up to 2.6.13/2.7.10 SOAP OutgoingChainInterceptor.java Invalid Content denial of service
| [13163] Apache CXF up to 2.6.13/2.7.10 SOAP HTML Content denial of service
| [13158] Apache Struts up to 2.3.16.2 ParametersInterceptor getClass privilege escalation
| [69515] Apache Struts up to 2.3.15.0 CookieInterceptor memory corruption
| [13086] Apache Struts up to 1.3.10 Class Loader privilege escalation
| [13067] Apache Struts up to 2.3.16.1 Class Loader privilege escalation
| [69431] Apache Archiva up to 1.3.6 cross site scripting
| [69385] Apache Syncope up to 1.1.6 unknown vulnerability
| [69338] Apache Xalan-Java up to 2.7.1 system-property unknown vulnerability
| [12742] Trustwave ModSecurity up to 2.7.5 Chunk Extension apache2/modsecurity.c modsecurity_tx_init privilege escalation
| [12741] Trustwave ModSecurity up to 2.7.6 Chunked HTTP Transfer apache2/modsecurity.c modsecurity_tx_init Trailing Header privilege escalation
| [13387] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Content-Length Header privilege escalation
| [13386] Apache Tomcat Security Manager up to 6.0.39/7.0.53/8.0.5 XSLT privilege escalation
| [13385] Apache Tomcat 8.0.0/8.0.1/8.0.3 AJP Request Zero Length denial of service
| [13384] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Chunked HTTP Request denial of service
| [12748] Apache CouchDB 1.5.0 UUIDS /_uuids denial of service
| [66739] Apache Camel up to 2.12.2 unknown vulnerability
| [66738] Apache Camel up to 2.12.2 unknown vulnerability
| [12667] Apache HTTP Server 2.4.7 mod_log_config.c log_cookie denial of service
| [66695] Apache CouchDB up to 1.2.0 cross site scripting
| [66694] Apache CouchDB up to 1.2.0 Partition partition2 directory traversal
| [66689] Apache HTTP Server up to 2.0.33 mod_dav dav_xml_get_cdata denial of service
| [12518] Apache Tomcat up to 6.0.38/7.0.49/8.0.0-RC9 HTTP Header denial of service
| [66498] Apache expressions up to 3.3.0 Whitelist unknown vulnerability
| [12781] Apache Struts up to 2.3.8 ParametersInterceptor getClass denial of service
| [12439] Apache Tomcat 6.0.33 XML XXE information disclosure
| [12438] Apache Tomcat 6.0.33/6.0.34/6.0.35/6.0.36/6.0.37 coyoteadapter.java disableURLRewriting privilege escalation
| [66356] Apache Wicket up to 6.8.0 information disclosure
| [12209] Apache Tomcat 7.0.0/7.0.50/8.0.0-RC1/8.0.1 Content-Type Header for Multi-Part Request Infinite Loop denial of service
| [66322] Apache ActiveMQ up to 5.8.0 cross site scripting
| [12291] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
| [66255] Apache Open For Business Project up to 10.04.3 cross site scripting
| [66200] Apache Hadoop up to 2.0.5 Security Feature information disclosure
| [66072] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
| [66068] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
| [11928] Oracle Secure Global Desktop up to 4.71 Apache Tomcat unknown vulnerability
| [11924] Oracle Secure Global Desktop up to 4.63 Apache Tomcat denial of service
| [11922] Oracle Secure Global Desktop up to 4.63 Apache Tomcat unknown vulnerability
| [66049] Apache XML Security for Java up to 1.4.6 Memory Consumption denial of service
| [12199] Apache Subversion up to 1.8.5 mod_dav_svn/repos.c get_resource denial of service
| [65946] askapache Firefox Adsense up to 3.0 askapache-firefox-adsense.php cross site request forgery
| [65668] Apache Solr 4.0.0 Updater denial of service
| [65665] Apache Solr up to 4.3.0 denial of service
| [65664] Apache Solr 3.6.0/3.6.1/3.6.2/4.0.0 Updater denial of service
| [65663] Apache Solr up to 4.5.1 ResourceLoader directory traversal
| [65658] Apache roller 4.0/4.0.1/5.0/5.0.1 unknown vulnerability
| [65657] Apache Roller 4.0/4.0.1/5.0/5.0.1 cross site scripting
| [11325] Apache Subversion 1.7.13 mod_dontdothat Bypass denial of service
| [11324] Apache Subversion up to 1.8.4 mod_dav_svn denial of service
| [11098] Apache Tomcat 5.5.25 HTTP Request cross site request forgery
| [65410] Apache Struts 2.3.15.3 cross site scripting
| [65386] Apache Solr up to 2.2.1 on TYPO3 cross site scripting
| [65385] Apache Solr up to 2.2.1 on TYPO3 unknown vulnerability
| [11044] Apache Struts 2.3.15.3 showConfig.action cross site scripting
| [11043] Apache Struts 2.3.15.3 actionNames.action cross site scripting
| [11018] cPanel WHM up to 11.40.0.11 Apache mod_userdir Tweak Interface privilege escalation
| [65342] Apache Sling 1.0.2/1.0.4/1.0.6/1.1.0/1.1.2 Auth Core cross site scripting
| [65340] Apache Shindig 2.5.0 information disclosure
| [65316] Apache Mod Fcgid up to 2.3.7 mod_fcgid fcgid_bucket.c fcgid_header_bucket_read memory corruption
| [65313] Apache Sling 2.2.0/2.3.0 AbstractCreateOperation.java deepGetOrCreateNode denial of service
| [10826] Apache Struts 2 File privilege escalation
| [65204] Apache Camel up to 2.10.1 unknown vulnerability
| [10460] Apache Struts 2.0.0/2.3.15.1 Action Mapping Mechanism Bypass privilege escalation
| [10459] Apache Struts 2.0.0/2.3.15 Dynamic Method Invocation unknown vulnerability
| [10160] Apache Subversion 1.8.0/1.8.1/1.8.2 svnwcsub.py handle_options race condition
| [10159] Apache Subversion up to 1.8.2 svnserve write_pid_file race condition
| [10158] Apache Subversion 1.8.0/1.8.1/1.8.2 daemonize.py daemon::daemonize race condition
| [10157] Apache Subversion up to 1.8.1 FSFS Repository Symlink privilege escalation
| [64808] Fail2ban up to 0.8.9 apache-auth.conf denial of service
| [64760] Best Practical RT up to 4.0.12 Apache::Session::File information disclosure
| [64722] Apache XML Security for C++ Heap-based memory corruption
| [64719] Apache XML Security for C++ Heap-based memory corruption
| [64718] Apache XML Security for C++ verify denial of service
| [64717] Apache XML Security for C++ getURIBaseTXFM memory corruption
| [64716] Apache XML Security for C++ spoofing
| [64701] Apache CXF up to 2.7.3 XML Parser Memory Consumption denial of service
| [64700] Apache CloudStack up to 4.1.0 Stack-Based cross site scripting
| [64667] Apache Open For Business Project up to 10.04.04 unknown vulnerability
| [64666] Apache Open For Business Project up to 10.04.04 cross site scripting
| [9891] Apache HTTP Server 2.2.22 suEXEC Feature .htaccess information disclosure
| [64509] Apache ActiveMQ up to 5.8.0 scheduled.jsp cross site scripting
| [9826] Apache Subversion up to 1.8.0 mod_dav_svn denial of service
| [9683] Apache HTTP Server 2.4.5 mod_session_dbd denial of service
| [64485] Apache Struts up to 2.2.3.0 privilege escalation
| [9568] Apache Struts up to 2.3.15 DefaultActionMapper cross site request forgery
| [9567] Apache Struts up to 2.3.15 DefaultActionMapper memory corruption
| [64467] Apache Geronimo 3.0 memory corruption
| [64466] Apache OpenJPA up to 2.2.1 Serialization memory corruption
| [64457] Apache Struts up to 2.2.3.0 cross site scripting
| [64326] Alejandro Garza Apachesolr Autocomplete up to 7.x-1.1 cross site scripting
| [9184] Apache Qpid up to 0.20 SSL misconfiguration
| [8935] Apache Subversion up to 1.7.9 FSFS Format Repository denial of service
| [8934] Apache Subversion up to 1.7.9 Svnserve Server denial of service
| [8933] Apache Subversion up to 1.6.21 check-mime-type.pl svnlook memory corruption
| [8932] Apache Subversion up to 1.6.21 svn-keyword-check.pl svnlook changed memory corruption
| [9022] Apache Struts up to 2.3.14.2 OGNL Expression memory corruption
| [8873] Apache Struts 2.3.14 privilege escalation
| [8872] Apache Struts 2.3.14 privilege escalation
| [8746] Apache HTTP Server Log File Terminal Escape Sequence Filtering mod_rewrite.c do_rewritelog privilege escalation
| [8666] Apache Tomcat up to 7.0.32 AsyncListener information disclosure
| [8665] Apache Tomcat up to 7.0.29 Chunked Transfer Encoding Extension Size denial of service
| [8664] Apache Tomcat up to 7.0.32 FORM Authentication weak authentication
| [64075] Apache Subversion up to 1.7.7 mod_dav_svn Crash denial of service
| [64074] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
| [64073] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
| [64072] Apache Subversion up to 1.7.7 mod_dav_svn NULL Pointer Dereference denial of service
| [64071] Apache Subversion up to 1.7.8 mod_dav_svn Memory Consumption denial of service
| [8768] Apache Struts up to 2.3.14 on Mac EL and OGNL Interpreter memory corruption
| [64006] Apache ActiveMQ up to 5.7.0 denial of service
| [64005] Apache ActiveMQ up to 5.7.0 Default Configuration denial of service
| [64004] Apache ActiveMQ up to 5.7.0 PortfolioPublishServlet.java cross site scripting
| [8427] Apache Tomcat Session Transaction weak authentication
| [63960] Apache Maven 3.0.4 Default Configuration spoofing
| [63751] Apache qpid up to 0.20 qpid::framing::Buffer denial of service
| [63750] Apache qpid up to 0.20 checkAvailable denial of service
| [63749] Apache Qpid up to 0.20 Memory Consumption denial of service
| [63748] Apache Qpid up to 0.20 Default Configuration denial of service
| [63747] Apache Rave up to 0.20 User Account information disclosure
| [7889] Apache Subversion up to 1.6.17 mod_dav_svn/svn_fs_file_length() denial of service
| [63646] Apache HTTP Server up to 2.2.23/2.4.3 mod_proxy_balancer.c balancer_handler cross site scripting
| [7688] Apache CXF up to 2.7.1 WSS4JInterceptor Bypass weak authentication
| [7687] Apache CXF up to 2.7.2 Token weak authentication
| [63334] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
| [63299] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
| [7202] Apache HTTP Server 2.4.2 on Oracle Solaris ld_library_path cross site scripting
| [7075] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector NioEndpoint.java denial of service
| [7074] Apache Tomcat up to 6.0.35/7.0.29 FORM Authentication RealmBase.java weak authentication
| [7073] Apache Tomcat up to 6.0.35/7.0.31 CSRF Prevention Filter cross site request forgery
| [63090] Apache Tomcat up to 4.1.24 denial of service
| [63089] Apache HTTP Server up to 2.2.13 mod_proxy_ajp denial of service
| [62933] Apache Tomcat up to 5.5.0 Access Restriction unknown vulnerability
| [62929] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector Memory Consumption denial of service
| [62833] Apache CXF -/2.6.0 spoofing
| [62832] Apache Axis2 up to 1.6.2 spoofing
| [62831] Apache Axis up to 1.4 Java Message Service spoofing
| [62830] Apache Commons-httpclient 3.0 Payments spoofing
| [62826] Apache Libcloud up to 0.11.0 spoofing
| [62757] Apache Open For Business Project up to 10.04.0 unknown vulnerability
| [8830] Red Hat JBoss Enterprise Application Platform 6.0.1 org.apache.catalina.connector.Response.encodeURL information disclosure
| [62661] Apache Axis2 unknown vulnerability
| [62658] Apache Axis2 unknown vulnerability
| [62467] Apache Qpid up to 0.17 denial of service
| [62417] Apache CXF 2.4.7/2.4.8/2.5.3/2.5.4/2.6.1 spoofing
| [6301] Apache HTTP Server mod_pagespeed cross site scripting
| [6300] Apache HTTP Server mod_pagespeed Hostname information disclosure
| [6123] Apache Wicket up to 1.5.7 Ajax Link cross site scripting
| [62035] Apache Struts up to 2.3.4 denial of service
| [61916] Apache QPID 0.5/0.6/0.14/0.16 unknown vulnerability
| [6998] Apache Tomcat 5.5.35/6.0.35/7.0.28 DIGEST Authentication Session State Caching privilege escalation
| [6997] Apache Tomcat 5.5.35/6.0.35/7.0.28 HTTP Digest Authentication Implementation privilege escalation
| [6092] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_ajp.c information disclosure
| [6090] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_http.c information disclosure
| [61507] Apache POI up to 3.8 UnhandledDataStructure denial of service
| [6070] Apache Struts up to 2.3.4 Token Name Configuration Parameter privilege escalation
| [6069] Apache Struts up to 2.3.4 Request Parameter OGNL Expression denial of service
| [5764] Oracle Solaris 10 Apache HTTP Server information disclosure
| [5700] Oracle Secure Backup 10.3.0.3/10.4.0.1 Apache denial of service
| [61255] Apache Hadoop 2.0.0 Kerberos unknown vulnerability
| [61229] Apache Sling up to 2.1.1 denial of service
| [61152] Apache Commons-compress 1.0/1.1/1.2/1.3/1.4 denial of service
| [61094] Apache Roller up to 5.0 cross site scripting
| [61093] Apache Roller up to 5.0 cross site request forgery
| [61005] Apache OpenOffice 3.3/3.4 unknown vulnerability
| [9673] Apache HTTP Server up to 2.4.4 mod_dav mod_dav.c Request denial of service
| [5436] Apache OpenOffice 3.3/3.4 WPXContentListener.cpp _closeTableRow File memory corruption
| [5435] Apache OpenOffice 3.3/3.4 vclmi.dll File memory corruption
| [60730] PHP 5.4.0/5.4.1/5.4.2 apache_request_headers memory corruption
| [60708] Apache Qpid 0.12 unknown vulnerability
| [5032] Apache Hadoop up to 0.20.205.0/1.0.1/0.23.1 Kerberos/MapReduce Security Feature privilege escalation
| [4949] Apache Struts File Upload XSLTResult.java XSLT File privilege escalation
| [4955] Apache Traffic Server 3.0.3/3.1.2 HTTP Header Parser memory corruption
| [4882] Apache Wicket up to 1.5.4 directory traversal
| [4881] Apache Wicket up to 1.4.19 cross site scripting
| [4884] Apache HTTP Server up to 2.3.6 mod_fcgid fcgid_spawn_ctl.c FcgidMaxProcessesPerClass HTTP Requests denial of service
| [60352] Apache Struts up to 2.2.3 memory corruption
| [60153] Apache Portable Runtime up to 1.4.3 denial of service
| [4598] Apache Struts 1.3.10 upload-submit.do cross site scripting
| [4597] Apache Struts 1.3.10 processSimple.do cross site scripting
| [4596] Apache Struts 2.0.14/2.2.3 struts2-rest-showcase/orders cross site scripting
| [4595] Apache Struts 2.0.14/2.2.3 struts2-showcase/person/editPerson.action cross site scripting
| [4583] Apache HTTP Server up to 2.2.21 Threaded MPM denial of service
| [4582] Apache HTTP Server up to 2.2.21 protocol.c information disclosure
| [4571] Apache Struts up to 2.3.1.2 privilege escalation
| [4557] Apache Tomcat up to 7.0.21 Caching/Recycling information disclosure
| [59934] Apache Tomcat up to 6.0.9 DigestAuthenticator.java unknown vulnerability
| [59933] Apache Tomcat up to 6.0.9 Access Restriction unknown vulnerability
| [59932] Apache Tomcat up to 6.0.9 unknown vulnerability
| [59931] Apache Tomcat up to 6.0.9 Access Restriction information disclosure
| [59902] Apache Struts up to 2.2.3 Interfaces unknown vulnerability
| [4528] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
| [4527] Apache Struts up to 2.2.3 ExceptionDelegator cross site scripting
| [59888] Apache Tomcat up to 6.0.6 denial of service
| [59886] Apache ActiveMQ up to 5.5.1 Crash denial of service
| [4513] Apache Struts up to 2.3.1 ParameterInterceptor directory traversal
| [4512] Apache Struts up to 2.2.3 CookieInterceptor privilege escalation
| [59850] Apache Geronimo up to 2.2.1 denial of service
| [59825] Apache HTTP Server up to 2.1.7 mod_reqtimeout denial of service
| [59556] Apache HTTP Server up to 2.0.53 mod_proxy information disclosure
| [58467] Apache libcloud 0.2.0/0.3.0/0.3.1/0.4.0 Access Restriction spoofing
| [58413] Apache Tomcat up to 6.0.10 spoofing
| [58381] Apache Wicket up to 1.4.17 cross site scripting
| [58296] Apache Tomcat up to 7.0.19 unknown vulnerability
| [57888] Apache HttpClient 4.0/4.0.1/4.1 Authorization information disclosure
| [57587] Apache Subversion up to 1.6.16 mod_dav_svn information disclosure
| [57585] Apache Subversion up to 1.6.16 mod_dav_svn Memory Consumption denial of service
| [57584] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
| [57577] Apache Rampart-C 1.3.0 Access Restriction rampart_timestamp_token_validate privilege escalation
| [57568] Apache Archiva up to 1.3.4 cross site scripting
| [57567] Apache Archiva up to 1.3.4 cross site request forgery
| [57481] Apache Tomcat 7.0.12/7.0.13 Access Restriction unknown vulnerability
| [4355] Apache HTTP Server APR apr_fnmatch denial of service
| [57435] Apache Struts up to 2.2.1.1 FileHandler.java cross site scripting
| [57425] Apache Struts up to 2.2.1.1 cross site scripting
| [4352] Apache HTTP Server 2.2.x APR apr_fnmatch denial of service
| [57025] Apache Tomcat up to 7.0.11 information disclosure
| [57024] Apache Tomcat 7.0.11 Access Restriction information disclosure
| [56774] IBM WebSphere Application Server up to 7.0.0.14 org.apache.jasper.runtime.JspWriterImpl.response denial of service
| [56824] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
| [56832] Apache Tomcat up to 7.0.10 Access Restriction information disclosure
| [56830] Apache Tomcat up to 7.0.9 Access Restriction privilege escalation
| [12440] Apache Tomcat 6.0.33 Malicious Request cross site scripting
| [56512] Apache Continuum up to 1.4.0 cross site scripting
| [4285] Apache Tomcat 5.x JVM getLocale denial of service
| [4284] Apache Tomcat 5.x HTML Manager Infinite Loop cross site scripting
| [4283] Apache Tomcat 5.x ServletContect privilege escalation
| [56441] Apache Tomcat up to 7.0.6 denial of service
| [56300] Apache CouchDB up to 1.0.1 Web Administration Interface cross site scripting
| [55967] Apache Subversion up to 1.6.4 rev_hunt.c denial of service
| [55966] Apache Subversion up to 1.6.4 mod_dav_svn repos.c walk denial of service
| [55095] Apache Axis2 up to 1.6 Default Password memory corruption
| [55631] Apache Archiva up to 1.3.1 User Account cross site request forgery
| [55556] Apache Tomcat up to 6.0.29 Default Configuration information disclosure
| [55553] Apache Tomcat up to 7.0.4 sessionsList.jsp cross site scripting
| [55162] Apache MyFaces up to 2.0.0 Authentication Code unknown vulnerability
| [54881] Apache Subversion up to 1.6.12 mod_dav_svn authz.c privilege escalation
| [54879] Apache APR-util up to 0.9.14 mod_reqtimeout apr_brigade_split_line denial of service
| [54693] Apache Traffic Server DNS Cache unknown vulnerability
| [54416] Apache CouchDB up to 0.11.0 cross site request forgery
| [54394] Apache CXF up to 2.2.8 Memory Consumption denial of service
| [54261] Apache Tomcat jsp/cal/cal2.jsp cross site scripting
| [54166] Apache HTTP Server up to 2.2.12 mod_cache Crash denial of service
| [54385] Apache Struts up to 2.1.8.1 ParameterInterceptor unknown vulnerability
| [54012] Apache Tomcat up to 6.0.10 denial of service
| [53763] Apache Axis2 1.3/1.4/1.4.1/1.5/1.5.1 Memory Consumption denial of service
| [53368] Apache MyFaces 1.1.7/1.2.8 cross site scripting
| [53397] Apache axis2 1.4.1/1.5.1 Administration Console cross site scripting
| [52894] Apache Tomcat up to 6.0.7 information disclosure
| [52960] Apache ActiveMQ up to 5.4-snapshot information disclosure
| [52843] Apache HTTP Server mod_auth_shadow unknown vulnerability
| [52786] Apache Open For Business Project up to 09.04 cross site scripting
| [52587] Apache ActiveMQ up to 5.3.0 cross site request forgery
| [52586] Apache ActiveMQ up to 5.3.0 cross site scripting
| [52584] Apache CouchDB up to 0.10.1 information disclosure
| [51757] Apache HTTP Server 2.0.44 cross site scripting
| [51756] Apache HTTP Server 2.0.44 spoofing
| [51717] Apache HTTP Server up to 1.3.3 mod_proxy ap_proxy_send_fb memory corruption
| [51690] Apache Tomcat up to 6.0 directory traversal
| [51689] Apache Tomcat up to 6.0 information disclosure
| [51688] Apache Tomcat up to 6.0 directory traversal
| [50886] HP Operations Manager 8.10 on Windows File Upload org.apache.catalina.manager.HTMLManagerServlet memory corruption
| [50802] Apache Tomcat up to 3.3 Default Password weak authentication
| [50626] Apache Solr 1.0.0 cross site scripting
| [49857] Apache HTTP Server mod_proxy_ftp cross site scripting
| [49856] Apache HTTP Server 2.2.13 mod_proxy_ftp ap_proxy_ftp_handler denial of service
| [49348] Apache Xerces-C++ 2.7.0 Stack-Based denial of service
| [86789] Apache Portable Runtime memory/unix/apr_pools.c unknown vulnerability
| [49283] Apache APR-util up to 1.3.8 apr-util misc/apr_rmm.c apr_rmm_realloc memory corruption
| [48952] Apache HTTP Server up to 1.3.6 mod_deflate denial of service
| [48626] Apache Tomcat up to 4.1.23 Access Restriction directory traversal
| [48431] Apache Tomcat up to 4.1.23 j_security_check cross site scripting
| [48430] Apache Tomcat up to 4.1.23 mod_jk denial of service
| [47801] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site request forgery
| [47800] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site scripting
| [47799] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console directory traversal
| [47648] Apache Tiles 2.1.0/2.1.1 cross site scripting
| [47640] Apache Struts 2.0.6/2.0.8/2.0.9/2.0.11/2.1 cross site scripting
| [47638] Apache Tomcat up to 4.1.23 mod_jk information disclosure
| [47636] Apache Struts 2.0.9 xip_client.html cross site scripting
| [47593] Apache Mod Perl 1 perl-status Apache::Status cross site scripting
| [47637] Apache Struts 1.0.2/1.1/1.2.4/1.2.7/1.2.8 cross site scripting
| [47239] Apache Struts up to 2.1.2 Beta struts directory traversal
| [47214] Apachefriends xampp 1.6.8 spoofing
| [47213] Apachefriends xampp 1.6.8 htaccess cross site request forgery
| [47162] Apachefriends XAMPP 1.4.4 weak authentication
| [47065] Apache Tomcat 4.1.23 cross site scripting
| [46834] Apache Tomcat up to 5.5.20 cross site scripting
| [46004] Apache Jackrabbit 1.4/1.5.0 search.jsp cross site scripting
| [49205] Apache Roller 2.3/3.0/3.1/4.0 Search cross site scripting
| [86625] Apache Struts directory traversal
| [44461] Apache Tomcat up to 5.5.0 information disclosure
| [44389] Apache Xerces-C++ XML Parser Memory Consumption denial of service
| [44352] Apache Friends XAMPP 1.6.8 adodb.php cross site scripting
| [43663] Apache Tomcat up to 6.0.16 directory traversal
| [43612] Apache Friends XAMPP 1.6.7 iart.php cross site scripting
| [43556] Apache HTTP Server up to 2.1.8 mod_proxy_ftp proxy_ftp.c cross site scripting
| [43516] Apache Tomcat up to 4.1.20 directory traversal
| [43509] Apache Tomcat up to 6.0.13 cross site scripting
| [42637] Apache Tomcat up to 6.0.16 cross site scripting
| [42325] Apache HTTP Server up to 2.1.8 Error Page cross site scripting
| [41838] Apache-SSL 1.3.34 1.57 expandcert privilege escalation
| [41091] Apache Software Foundation Mod Jk up to 2.0.1 mod_jk2 Stack-based memory corruption
| [40924] Apache Tomcat up to 6.0.15 information disclosure
| [40923] Apache Tomcat up to 6.0.15 unknown vulnerability
| [40922] Apache Tomcat up to 6.0 information disclosure
| [40710] Apache HTTP Server up to 2.0.61 mod_negotiation cross site scripting
| [40709] Apache HTTP Server up to 2.0.53 mod_negotiation cross site scripting
| [40656] Apache Tomcat 5.5.20 information disclosure
| [40503] Apache HTTP Server mod_proxy_ftp cross site scripting
| [40502] Apache HTTP Server up to 2.2.5 mod_proxy_balancer memory corruption
| [40501] Apache HTTP Server 2.2.6 mod_proxy_balancer cross site request forgery
| [40398] Apache HTTP Server up to 2.2 mod_proxy_balancer cross site scripting
| [40397] Apache HTTP Server up to 2.2 mod_proxy_balancer balancer_handler denial of service
| [40234] Apache Tomcat up to 6.0.15 directory traversal
| [40221] Apache HTTP Server 2.2.6 information disclosure
| [40027] David Castro Apache Authcas 0.4 sql injection
| [3495] Apache OpenOffice up to 2.3 Database Document Processor unknown vulnerability
| [3489] Apache HTTP Server 2.x HTTP Header cross site scripting
| [3414] Apache Tomcat WebDAV Stored privilege escalation
| [39489] Apache Jakarta Slide up to 2.1 directory traversal
| [39540] Apache Geronimo 2.0/2.0.1/2.0.2/2.1 unknown vulnerability
| [3310] Apache OpenOffice 1.1.3/2.0.4/2.2.1 TIFF Image Parser Heap-based memory corruption
| [38768] Apache HTTP Server up to 2.1.7 mod_autoindex.c cross site scripting
| [38952] Apache Geronimo 2.0.1/2.1 unknown vulnerability
| [38658] Apache Tomcat 4.1.31 cal2.jsp cross site request forgery
| [38524] Apache Geronimo 2.0 unknown vulnerability
| [3256] Apache Tomcat up to 6.0.13 cross site scripting
| [38331] Apache Tomcat 4.1.24 information disclosure
| [38330] Apache Tomcat 4.1.24 information disclosure
| [38185] Apache Tomcat 3.3/3.3.1/3.3.1a/3.3.2 Error Message CookieExample cross site scripting
14500| [37967] Apache Tomcat up to 4.1.36 Error Message sendmail.jsp cross site scripting
14501| [37647] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 Authorization unknown vulnerability
14502| [37646] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 unknown vulnerability
14503| [3141] Apache Tomcat up to 4.1.31 Accept-Language Header cross site scripting
14504| [3133] Apache Tomcat up to 6.0 HTTP cross site scripting
14505| [37292] Apache Tomcat up to 5.5.1 cross site scripting
14506| [3130] Apache OpenOffice 2.2.1 RTF Document Heap-based memory corruption
14507| [36981] Apache Tomcat JK Web Server Connector up to 1.2.22 mod_jk directory traversal
14508| [36892] Apache Tomcat up to 4.0.0 hello.jsp cross site scripting
14509| [37320] Apache MyFaces Tomahawk up to 1.1.4 cross site scripting
14510| [36697] Apache Tomcat up to 5.5.17 implicit-objects.jsp cross site scripting
14511| [36491] Apache Axis 1.0 Installation javaioFileNotFoundException information disclosure
14512| [36400] Apache Tomcat 5.5.15 mod_jk cross site scripting
14513| [36698] Apache Tomcat up to 4.0.0 cal2.jsp cross site scripting
14514| [36224] XAMPP Apache Distribution up to 1.6.0a adodb.php connect memory corruption
14515| [36225] XAMPP Apache Distribution 1.6.0a sql injection
14516| [2997] Apache httpd/Tomcat 5.5/6.0 directory traversal
14517| [35896] Apache Apache Test up to 1.29 mod_perl denial of service
14518| [35653] Avaya S8300 Cm 3.1.2 Apache Tomcat unknown vulnerability
14519| [35402] Apache Tomcat JK Web Server Connector 1.2.19 mod_jk.so map_uri_to_worker memory corruption
14520| [35067] Apache Stats up to 0.0.2 extract unknown vulnerability
14521| [35025] Apache Stats up to 0.0.3 extract unknown vulnerability
14522| [34252] Apache HTTP Server denial of service
14523| [2795] Apache OpenOffice 2.0.4 WMF/EMF File Heap-based memory corruption
14524| [33877] Apache Opentaps 0.9.3 cross site scripting
14525| [33876] Apache Open For Business Project unknown vulnerability
14526| [33875] Apache Open For Business Project cross site scripting
14527| [2703] Apache Jakarta Tomcat up to 5.x der_get_oid memory corruption
14528| [2611] Apache HTTP Server up to 1.0.1 set_var Format String
14529|
14530| MITRE CVE - https://cve.mitre.org:
14531| [CVE-2013-4156] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted element in an OOXML document file.
14532| [CVE-2013-4131] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds read) via a certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision root.
14533| [CVE-2013-3239] phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTTP Server, as demonstrated by a .php.sql filename.
14534| [CVE-2013-3060] The web console in Apache ActiveMQ before 5.8.0 does not require authentication, which allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests.
14535| [CVE-2013-2765] The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted Content-Type header.
14536| [CVE-2013-2251] Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.
14537| [CVE-2013-2249] mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors.
14538| [CVE-2013-2248] Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter using the (1) redirect: or (2) redirectAction: prefix.
14539| [CVE-2013-2189] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via invalid PLCF data in a DOC document file.
14540| [CVE-2013-2135] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted value that contains both "${}" and "%{}" sequences, which causes the OGNL code to be evaluated twice.
14541| [CVE-2013-2134] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135.
14542| [CVE-2013-2115] Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. NOTE: this issue is due to an incomplete fix for CVE-2013-1966.
14543| [CVE-2013-2071] java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes.
14544| [CVE-2013-2067] java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack.
14545| [CVE-2013-1966] Apache Struts 2 before 2.3.14.1 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag.
14546| [CVE-2013-1965] Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.1, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect.
14547| [CVE-2013-1896] mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.
14548| [CVE-2013-1884] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (segmentation fault and crash) via a log REPORT request with an invalid limit, which triggers an access of an uninitialized variable.
14549| [CVE-2013-1879] Cross-site scripting (XSS) vulnerability in scheduled.jsp in Apache ActiveMQ 5.8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving the "cron of a message."
14550| [CVE-2013-1862] mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.
14551| [CVE-2013-1849] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a PROPFIND request for an activity URL.
14552| [CVE-2013-1847] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an anonymous LOCK for a URL that does not exist.
14553| [CVE-2013-1846] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL.
14554| [CVE-2013-1845] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting or (2) deleting a large number of properties for a file or directory.
14555| [CVE-2013-1814] The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain sensitive information about all user accounts via the offset parameter, as demonstrated by discovering password hashes in the password field of a response.
14556| [CVE-2013-1777] The JMX Remoting functionality in Apache Geronimo 3.x before 3.0.1, as used in IBM WebSphere Application Server (WAS) Community Edition 3.0.0.3 and other products, does not property implement the RMI classloader, which allows remote attackers to execute arbitrary code by using the JMX connector to send a crafted serialized object.
14557| [CVE-2013-1768] The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and 2.x before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute arbitrary code by creating a serialized object and leveraging improperly secured server programs.
14558| [CVE-2013-1088] Cross-site request forgery (CSRF) vulnerability in Novell iManager 2.7 before SP6 Patch 1 allows remote attackers to hijack the authentication of arbitrary users by leveraging improper request validation by iManager code deployed within an Apache Tomcat container.
14559| [CVE-2013-1048] The Debian apache2ctl script in the apache2 package squeeze before 2.2.16-6+squeeze11, wheezy before 2.2.22-13, and sid before 2.2.22-13 for the Apache HTTP Server on Debian GNU/Linux does not properly create the /var/lock/apache2 lock directory, which allows local users to gain privileges via an unspecified symlink attack.
14560| [CVE-2013-0966] The Apple mod_hfs_apple module for the Apache HTTP Server in Apple Mac OS X before 10.8.3 does not properly handle ignorable Unicode characters, which allows remote attackers to bypass intended directory authentication requirements via a crafted pathname in a URI.
14561| [CVE-2013-0942] Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Agent 7.1 before 7.1.1 for Web for Internet Information Services, and 7.1 before 7.1.1 for Web for Apache, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
14562| [CVE-2013-0941] EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Windows use an improper encryption algorithm and a weak key for maintaining the stored data of the node secret for the SecurID Authentication API, which allows local users to obtain sensitive information via cryptographic attacks on this data.
14563| [CVE-2013-0253] The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.
14564| [CVE-2013-0248] The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack.
14565| [CVE-2013-0239] Apache CXF before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3, when the plaintext UsernameToken WS-SecurityPolicy is enabled, allows remote attackers to bypass authentication via a security header of a SOAP request containing a UsernameToken element that lacks a password child element.
14566| [CVE-2012-6573] Cross-site scripting (XSS) vulnerability in the Apache Solr Autocomplete module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving autocomplete results.
14567| [CVE-2012-6551] The default configuration of Apache ActiveMQ before 5.8.0 enables a sample web application, which allows remote attackers to cause a denial of service (broker resource consumption) via HTTP requests.
14568| [CVE-2012-6092] Multiple cross-site scripting (XSS) vulnerabilities in the web demos in Apache ActiveMQ before 5.8.0 allow remote attackers to inject arbitrary web script or HTML via (1) the refresh parameter to PortfolioPublishServlet.java (aka demo/portfolioPublish or Market Data Publisher), or vectors involving (2) debug logs or (3) subscribe messages in webapp/websocket/chat.js. NOTE: AMQ-4124 is covered by CVE-2012-6551.
14569| [CVE-2012-5887] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.
14570| [CVE-2012-5886] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID.
14571| [CVE-2012-5885] The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184.
14572| [CVE-2012-5786] The wsdl_first_https sample code in distribution/src/main/release/samples/wsdl_first_https/src/main/ in Apache CXF, possibly 2.6.0, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
14573| [CVE-2012-5785] Apache Axis2/Java 1.6.2 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
14574| [CVE-2012-5784] Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
14575| [CVE-2012-5783] Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
14576| [CVE-2012-5633] The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request.
14577| [CVE-2012-5616] Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain (1) the SSH private key as recorded by the createSSHKeyPair API, (2) the password of an added host as recorded by the AddHost API, or the password of an added VM as recorded by the (3) DeployVM or (4) ResetPasswordForVM API.
14578| [CVE-2012-5568] Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.
14579| [CVE-2012-5351] Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability than CVE-2012-4418.
14580| [CVE-2012-4558] Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string.
14581| [CVE-2012-4557] The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to cause a denial of service (worker consumption) via an expensive request.
14582| [CVE-2012-4556] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 allows remote attackers to cause a denial of service (Apache httpd web server child process restart) via certain unspecified empty search fields in a user certificate search query.
14583| [CVE-2012-4555] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 does not properly handle interruptions of token format operations, which allows remote attackers to cause a denial of service (NULL pointer dereference and Apache httpd web server child process crash) via unspecified vectors.
14584| [CVE-2012-4534] org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response.
14585| [CVE-2012-4528] The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data.
14586| [CVE-2012-4501] Citrix Cloud.com CloudStack, and Apache CloudStack pre-release, allows remote attackers to make arbitrary API calls by leveraging the system user account, as demonstrated by API calls to delete VMs.
14587| [CVE-2012-4460] The serializing/deserializing functions in the qpid::framing::Buffer class in Apache Qpid 0.20 and earlier allow remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors. NOTE: this issue could also trigger an out-of-bounds read, but it might not trigger a crash.
14588| [CVE-2012-4459] Integer overflow in the qpid::framing::Buffer::checkAvailable function in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (crash) via a crafted message, which triggers an out-of-bounds read.
14589| [CVE-2012-4458] The AMQP type decoder in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (memory consumption and server crash) via a large number of zero width elements in the client-properties map in a connection.start-ok message.
14590| [CVE-2012-4446] The default configuration for Apache Qpid 0.20 and earlier, when the federation_tag attribute is enabled, accepts AMQP connections without checking the source user ID, which allows remote attackers to bypass authentication and have other unspecified impact via an AMQP request.
14591| [CVE-2012-4431] org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier.
14592| [CVE-2012-4418] Apache Axis2 allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."
14593| [CVE-2012-4387] Apache Struts 2.0.0 through 2.3.4 allows remote attackers to cause a denial of service (CPU consumption) via a long parameter name, which is processed as an OGNL expression.
14594| [CVE-2012-4386] The token check mechanism in Apache Struts 2.0.0 through 2.3.4 does not properly validate the token name configuration parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks by setting the token name configuration parameter to a session attribute.
14595| [CVE-2012-4360] Cross-site scripting (XSS) vulnerability in the mod_pagespeed module 0.10.19.1 through 0.10.22.4 for the Apache HTTP Server allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
14596| [CVE-2012-4063] The Apache Santuario configuration in Eucalyptus before 3.1.1 does not properly restrict applying XML Signature transforms to documents, which allows remote attackers to cause a denial of service via unspecified vectors.
14597| [CVE-2012-4001] The mod_pagespeed module before 0.10.22.6 for the Apache HTTP Server does not properly verify its host name, which allows remote attackers to trigger HTTP requests to arbitrary hosts via unspecified vectors, as demonstrated by requests to intranet servers.
14598| [CVE-2012-3908] Multiple cross-site request forgery (CSRF) vulnerabilities in the ISE Administrator user interface (aka the Apache Tomcat interface) on Cisco Identity Services Engine (ISE) 3300 series appliances before 1.1.0.665 Cumulative Patch 1 allow remote attackers to hijack the authentication of administrators, aka Bug ID CSCty46684.
14599| [CVE-2012-3546] org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.
14600| [CVE-2012-3544] Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.
14601| [CVE-2012-3526] The reverse proxy add forward module (mod_rpaf) 0.5 and 0.6 for the Apache HTTP Server allows remote attackers to cause a denial of service (server or application crash) via multiple X-Forwarded-For headers in a request.
14602| [CVE-2012-3513] munin-cgi-graph in Munin before 2.0.6, when running as a CGI module under Apache, allows remote attackers to load new configurations and create files in arbitrary directories via the logdir command.
14603| [CVE-2012-3506] Unspecified vulnerability in the Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.03 has unknown impact and attack vectors.
14604| [CVE-2012-3502] The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp module and (2) mod_proxy_http.c in the mod_proxy_http module in the Apache HTTP Server 2.4.x before 2.4.3 does not properly determine the situations that require closing a back-end connection, which allows remote attackers to obtain sensitive information in opportunistic circumstances by reading a response that was intended for a different client.
14605| [CVE-2012-3499] Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules.
14606| [CVE-2012-3467] Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism to authenticate catch-up shadow connections to AMQP brokers, which allows remote attackers to bypass authentication.
14607| [CVE-2012-3451] Apache CXF before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to execute unintended web-service operations by sending a header with a SOAP Action String that is inconsistent with the message body.
14608| [CVE-2012-3446] Apache Libcloud before 0.11.1 uses an incorrect regular expression during verification of whether the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate.
14609| [CVE-2012-3376] DataNodes in Apache Hadoop 2.0.0 alpha does not check the BlockTokens of clients when Kerberos is enabled and the DataNode has checked out the same BlockPool twice from a NodeName, which might allow remote clients to read arbitrary blocks, write to blocks to which they only have read access, and have other unspecified impacts.
14610| [CVE-2012-3373] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.21 and 1.5.x before 1.5.8 allows remote attackers to inject arbitrary web script or HTML via vectors involving a %00 sequence in an Ajax link URL associated with a Wicket app.
14611| [CVE-2012-3126] Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Products Suite 3.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Apache Tomcat Agent.
14612| [CVE-2012-3123] Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect confidentiality, related to Apache HTTP Server.
14613| [CVE-2012-2760] mod_auth_openid before 0.7 for Apache uses world-readable permissions for /tmp/mod_auth_openid.db, which allows local users to obtain session ids.
14614| [CVE-2012-2733] java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data.
14615| [CVE-2012-2687] Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list.
14616| [CVE-2012-2381] Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the blogger role.
14617| [CVE-2012-2380] Multiple cross-site request forgery (CSRF) vulnerabilities in the admin/editor console in Apache Roller before 5.0.1 allow remote attackers to hijack the authentication of admins or editors by leveraging the HTTP POST functionality.
14618| [CVE-2012-2379] Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors.
14619| [CVE-2012-2378] Apache CXF 2.4.5 through 2.4.7, 2.5.1 through 2.5.3, and 2.6.x before 2.6.1, does not properly enforce child policies of a WS-SecurityPolicy 1.1 SupportingToken policy on the client side, which allows remote attackers to bypass the (1) AlgorithmSuite, (2) SignedParts, (3) SignedElements, (4) EncryptedParts, and (5) EncryptedElements policies.
14620| [CVE-2012-2329] Buffer overflow in the apache_request_headers function in sapi/cgi/cgi_main.c in PHP 5.4.x before 5.4.3 allows remote attackers to cause a denial of service (application crash) via a long string in the header of an HTTP request.
14621| [CVE-2012-2145] Apache Qpid 0.17 and earlier does not properly restrict incoming client connections, which allows remote attackers to cause a denial of service (file descriptor consumption) via a large number of incomplete connections.
14622| [CVE-2012-2138] The @CopyFrom operation in the POST servlet in the org.apache.sling.servlets.post bundle before 2.1.2 in Apache Sling does not prevent attempts to copy an ancestor node to a descendant node, which allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP request.
14623| [CVE-2012-2098] Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs.
14624| [CVE-2012-1574] The Kerberos/MapReduce security functionality in Apache Hadoop 0.20.203.0 through 0.20.205.0, 0.23.x before 0.23.2, and 1.0.x before 1.0.2, as used in Cloudera CDH CDH3u0 through CDH3u2, Cloudera hadoop-0.20-sbin before 0.20.2+923.197, and other products, allows remote authenticated users to impersonate arbitrary cluster user accounts via unspecified vectors.
14625| [CVE-2012-1181] fcgid_spawn_ctl.c in the mod_fcgid module 2.3.6 for the Apache HTTP Server does not recognize the FcgidMaxProcessesPerClass directive for a virtual host, which makes it easier for remote attackers to cause a denial of service (memory consumption) via a series of HTTP requests that triggers a process count higher than the intended limit.
14626| [CVE-2012-1089] Directory traversal vulnerability in Apache Wicket 1.4.x before 1.4.20 and 1.5.x before 1.5.5 allows remote attackers to read arbitrary web-application files via a relative pathname in a URL for a Wicket resource that corresponds to a null package.
14627| [CVE-2012-1007] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 1.3.10 allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter to struts-examples/upload/upload-submit.do, or the message parameter to (2) struts-cookbook/processSimple.do or (3) struts-cookbook/processDyna.do.
14628| [CVE-2012-1006] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.14 and 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) lastName parameter to struts2-showcase/person/editPerson.action, or the (3) clientName parameter to struts2-rest-showcase/orders.
14629| [CVE-2012-0883] envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.
14630| [CVE-2012-0840] tables/apr_hash.c in the Apache Portable Runtime (APR) library through 1.4.5 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
14631| [CVE-2012-0838] Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows remote attackers to modify run-time data values, and consequently execute arbitrary code, via invalid input to a field.
14632| [CVE-2012-0788] The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server.
14633| [CVE-2012-0394] ** DISPUTED ** The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself."
14634| [CVE-2012-0393] The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted parameter that triggers the creation of a Java object.
14635| [CVE-2012-0392] The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method.
14636| [CVE-2012-0391] The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter.
14637| [CVE-2012-0256] Apache Traffic Server 2.0.x and 3.0.x before 3.0.4 and 3.1.x before 3.1.3 does not properly allocate heap memory, which allows remote attackers to cause a denial of service (daemon crash) via a long HTTP Host header.
14638| [CVE-2012-0216] The default configuration of the apache2 package in Debian GNU/Linux squeeze before 2.2.16-6+squeeze7, wheezy before 2.2.22-4, and sid before 2.2.22-4, when mod_php or mod_rivet is used, provides example scripts under the doc/ URI, which might allow local users to conduct cross-site scripting (XSS) attacks, gain privileges, or obtain sensitive information via vectors involving localhost HTTP requests to the Apache HTTP Server.
14639| [CVE-2012-0213] The UnhandledDataStructure function in hwpf/model/UnhandledDataStructure.java in Apache POI 3.8 and earlier allows remote attackers to cause a denial of service (OutOfMemoryError exception and possibly JVM destabilization) via a crafted length value in a Channel Definition Format (CDF) or Compound File Binary Format (CFBF) document.
14640| [CVE-2012-0053] protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.
14641| [CVE-2012-0047] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the wicket:pageMapName parameter.
14642| [CVE-2012-0031] scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function.
14643| [CVE-2012-0022] Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.
14644| [CVE-2012-0021] The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a name and a value.
14645| [CVE-2011-5064] DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184.
14646| [CVE-2011-5063] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184.
14647| [CVE-2011-5062] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability than CVE-2011-1184.
14648| [CVE-2011-5057] Apache Struts 2.3.1.1 and earlier provides interfaces that do not properly restrict access to collections such as the session and request collections, which might allow remote attackers to modify run-time data values via a crafted parameter to an application that implements an affected interface, as demonstrated by the SessionAware, RequestAware, ApplicationAware, ServletRequestAware, ServletResponseAware, and ParameterAware interfaces. NOTE: the vendor disputes the significance of this report because of an "easy work-around in existing apps by configuring the interceptor."
14649| [CVE-2011-5034] Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. NOTE: this might overlap CVE-2011-4461.
14650| [CVE-2011-4905] Apache ActiveMQ before 5.6.0 allows remote attackers to cause a denial of service (file-descriptor exhaustion and broker crash or hang) by sending many openwire failover:tcp:// connection requests.
14651| [CVE-2011-4858] Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
14652| [CVE-2011-4668] IBM Tivoli Netcool/Reporter 2.2 before 2.2.0.8 allows remote attackers to execute arbitrary code via vectors related to an unspecified CGI program used with the Apache HTTP Server.
14653| [CVE-2011-4449] actions/files/files.php in WikkaWiki 1.3.1 and 1.3.2, when INTRANET_MODE is enabled, supports file uploads for file extensions that are typically absent from an Apache HTTP Server TypesConfig file, which makes it easier for remote attackers to execute arbitrary PHP code by placing this code in a file whose name has multiple extensions, as demonstrated by a (1) .mm or (2) .vpp file.
14654| [CVE-2011-4415] The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service (memory consumption or NULL pointer dereference) via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, related to (1) the "len +=" statement and (2) the apr_pcalloc function call, a different vulnerability than CVE-2011-3607.
14655| [CVE-2011-4317] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an @ (at sign) character and a : (colon) character in invalid positions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
14656| [CVE-2011-3639] The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers by using the HTTP/0.9 protocol with a malformed URI containing an initial @ (at sign) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
14657| [CVE-2011-3620] Apache Qpid 0.12 does not properly verify credentials during the joining of a cluster, which allows remote attackers to obtain access to the messaging functionality and job functionality of a cluster by leveraging knowledge of a cluster-username.
14658| [CVE-2011-3607] Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow.
14659| [CVE-2011-3376] org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to access the Manager application's functionality.
14660| [CVE-2011-3375] Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address and HTTP header information in opportunistic circumstances by reading TCP data.
14661| [CVE-2011-3368] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.
14662| [CVE-2011-3348] The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error state" in the backend server) via a malformed HTTP request.
14663| [CVE-2011-3192] The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.
14664| [CVE-2011-3190] Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.
14665| [CVE-2011-2729] native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.
14666| [CVE-2011-2712] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.18, when setAutomaticMultiWindowSupport is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
14667| [CVE-2011-2688] SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_external module 3.2.5 and earlier for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the user field.
14668| [CVE-2011-2526] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application.
14669| [CVE-2011-2516] Off-by-one error in the XML signature feature in Apache XML Security for C++ 1.6.0, as used in Shibboleth before 2.4.3 and possibly other products, allows remote attackers to cause a denial of service (crash) via a signature using a large RSA key, which triggers a buffer overflow.
14670| [CVE-2011-2481] Apache Tomcat 7.0.x before 7.0.17 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. NOTE: this vulnerability exists because of a CVE-2009-0783 regression.
14671| [CVE-2011-2329] The rampart_timestamp_token_validate function in util/rampart_timestamp_token.c in Apache Rampart/C 1.3.0 does not properly calculate the expiration of timestamp tokens, which allows remote attackers to bypass intended access restrictions by leveraging an expired token, a different vulnerability than CVE-2011-0730.
14672| [CVE-2011-2204] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file.
14673| [CVE-2011-2088] XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method, a different vulnerability than CVE-2011-1772.3.
14674| [CVE-2011-2087] Multiple cross-site scripting (XSS) vulnerabilities in component handlers in the javatemplates (aka Java Templates) plugin in Apache Struts 2.x before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via an arbitrary parameter value to a .action URI, related to improper handling of value attributes in (1) FileHandler.java, (2) HiddenHandler.java, (3) PasswordHandler.java, (4) RadioHandler.java, (5) ResetHandler.java, (6) SelectHandler.java, (7) SubmitHandler.java, and (8) TextFieldHandler.java.
14675| [CVE-2011-1928] The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infinite loop) via a URI that does not match unspecified types of wildcard patterns, as demonstrated by attacks against mod_autoindex in httpd when a /*/WEB-INF/ configuration pattern is used. NOTE: this issue exists because of an incorrect fix for CVE-2011-0419.
14676| [CVE-2011-1921] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to obtain sensitive information via a replay REPORT operation.
14677| [CVE-2011-1783] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data.
14678| [CVE-2011-1772] Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) an action name, (2) the action attribute of an s:submit element, or (3) the method attribute of an s:submit element.
14679| [CVE-2011-1752] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011.
14680| [CVE-2011-1610] Multiple SQL injection vulnerabilities in xmldirectorylist.jsp in the embedded Apache HTTP Server component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5)su4, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1)su1 allow remote attackers to execute arbitrary SQL commands via the (1) f, (2) l, or (3) n parameter, aka Bug ID CSCtj42064.
14681| [CVE-2011-1582] Apache Tomcat 7.0.12 and 7.0.13 processes the first request to a servlet without following security constraints that have been configured through annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088, CVE-2011-1183, and CVE-2011-1419.
14682| [CVE-2011-1571] Unspecified vulnerability in the XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote attackers to execute arbitrary commands via unknown vectors.
14683| [CVE-2011-1570] Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to inject arbitrary web script or HTML via a message title, a different vulnerability than CVE-2004-2030.
14684| [CVE-2011-1503] The XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat or Oracle GlassFish is used, allows remote authenticated users to read arbitrary (1) XSL and (2) XML files via a file:/// URL.
14685| [CVE-2011-1502] Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to read arbitrary files via an entity declaration in conjunction with an entity reference, related to an XML External Entity (aka XXE) issue.
14686| [CVE-2011-1498] Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header.
14687| [CVE-2011-1475] The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to "a mix-up of responses for requests from different users."
14688| [CVE-2011-1419] Apache Tomcat 7.x before 7.0.11, when web.xml has no security constraints, does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088.
14689| [CVE-2011-1318] Memory leak in org.apache.jasper.runtime.JspWriterImpl.response in the JavaServer Pages (JSP) component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) by accessing a JSP page of an application that is repeatedly stopped and restarted.
14690| [CVE-2011-1184] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values.
14691| [CVE-2011-1183] Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1088 and CVE-2011-1419.
14692| [CVE-2011-1176] The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileges by leveraging the root uid and root gid of an mpm-itk process.
14693| [CVE-2011-1088] Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application.
14694| [CVE-2011-1077] Multiple cross-site scripting (XSS) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
14695| [CVE-2011-1026] Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to hijack the authentication of administrators.
14696| [CVE-2011-0715] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request that contains a lock token.
14697| [CVE-2011-0534] Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request.
14698| [CVE-2011-0533] Cross-site scripting (XSS) vulnerability in Apache Continuum 1.1 through 1.2.3.1, 1.3.6, and 1.4.0 Beta
14699| [CVE-2011-0419] Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.
14700| [CVE-2011-0013] Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.
14701| [CVE-2010-4644] Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command.
14702| [CVE-2010-4539] The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger the walking of SVNParentPath collections.
14703| [CVE-2010-4476] The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
14704| [CVE-2010-4455] Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.2 and 11.1.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Apache Plugin.
14705| [CVE-2010-4408] Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1 does not require entry of the administrator's password at the time of modifying a user account, which makes it easier for context-dependent attackers to gain privileges by leveraging a (1) unattended workstation or (2) cross-site request forgery (CSRF) vulnerability, a related issue to CVE-2010-3449.
14706| [CVE-2010-4312] The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie.
14707| [CVE-2010-4172] Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3) sessionDetail.jsp or (4) java/org/apache/catalina/manager/JspHelper.java, related to use of untrusted web applications.
14708| [CVE-2010-3872] The fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.6 for the Apache HTTP Server does not use bytewise pointer arithmetic in certain circumstances, which has unspecified impact and attack vectors related to "untrusted FastCGI applications" and a "stack buffer overwrite."
14709| [CVE-2010-3863] Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not canonicalize URI paths before comparing them to entries in the shiro.ini file, which allows remote attackers to bypass intended access restrictions via a crafted request, as demonstrated by the /./account/index.jsp URI.
14710| [CVE-2010-3854] Multiple cross-site scripting (XSS) vulnerabilities in the web administration interface (aka Futon) in Apache CouchDB 0.8.0 through 1.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
14711| [CVE-2010-3718] Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.
14712| [CVE-2010-3449] Cross-site request forgery (CSRF) vulnerability in Redback before 1.2.4, as used in Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1
14713| [CVE-2010-3315] authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands.
14714| [CVE-2010-3083] sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat Enterprise MRG before 1.2.2 and other products, when SSL is enabled, allows remote attackers to cause a denial of service (daemon outage) by connecting to the SSL port but not participating in an SSL handshake.
14715| [CVE-2010-2952] Apache Traffic Server before 2.0.1, and 2.1.x before 2.1.2-unstable, does not properly choose DNS source ports and transaction IDs, and does not properly use DNS query fields to validate responses, which makes it easier for man-in-the-middle attackers to poison the internal DNS cache via a crafted response.
14716| [CVE-2010-2791] mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. NOTE: this is the same issue as CVE-2010-2068, but for a different OS and set of affected versions.
14717| [CVE-2010-2375] Package/Privilege: Plugins for Apache, Sun and IIS web servers Unspecified vulnerability in the WebLogic Server component in Oracle Fusion Middleware 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality and integrity, related to IIS.
14718| [CVE-2010-2234] Cross-site request forgery (CSRF) vulnerability in Apache CouchDB 0.8.0 through 0.11.0 allows remote attackers to hijack the authentication of administrators for direct requests to an installation URL.
14719| [CVE-2010-2227] Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with "recycling of a buffer."
14720| [CVE-2010-2103] Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the modules parameter. NOTE: some of these details are obtained from third party information.
14721| [CVE-2010-2086] Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object.
14722| [CVE-2010-2076] Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Chemistry, Apache jUDDI, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to samples/wsdl_first_pure_xml, a similar issue to CVE-2010-1632.
14723| [CVE-2010-2068] mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request.
14724| [CVE-2010-2057] shared/util/StateUtils.java in Apache MyFaces 1.1.x before 1.1.8, 1.2.x before 1.2.9, and 2.0.x before 2.0.1 uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack.
14725| [CVE-2010-1632] Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to the Synapse SimpleStockQuoteService.
14726| [CVE-2010-1623] Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket.
14727| [CVE-2010-1587] The Jetty ResourceHandler in Apache ActiveMQ 5.x before 5.3.2 and 5.4.x before 5.4.0 allows remote attackers to read JSP source code via a // (slash slash) initial substring in a URI for (1) admin/index.jsp, (2) admin/queues.jsp, or (3) admin/topics.jsp.
14728| [CVE-2010-1452] The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path.
14729| [CVE-2010-1325] Cross-site request forgery (CSRF) vulnerability in the apache2-slms package in SUSE Lifecycle Management Server (SLMS) 1.0 on SUSE Linux Enterprise (SLE) 11 allows remote attackers to hijack the authentication of unspecified victims via vectors related to improper parameter quoting. NOTE: some sources report that this is a vulnerability in a product named "Apache SLMS," but that is incorrect.
14730| [CVE-2010-1244] Cross-site request forgery (CSRF) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote attackers to hijack the authentication of unspecified victims for requests that create queues via the JMSDestination parameter in a queue action.
14731| [CVE-2010-1157] Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply.
14732| [CVE-2010-1151] Race condition in the mod_auth_shadow module for the Apache HTTP Server allows remote attackers to bypass authentication, and read and possibly modify data, via vectors related to improper interaction with an external helper application for validation of credentials.
14733| [CVE-2010-0684] Cross-site scripting (XSS) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote authenticated users to inject arbitrary web script or HTML via the JMSDestination parameter in a queue action.
14734| [CVE-2010-0434] The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request.
14735| [CVE-2010-0432] Multiple cross-site scripting (XSS) vulnerabilities in the Apache Open For Business Project (aka OFBiz) 09.04 and earlier, as used in Opentaps, Neogia, and Entente Oya, allow remote attackers to inject arbitrary web script or HTML via (1) the productStoreId parameter to control/exportProductListing, (2) the partyId parameter to partymgr/control/viewprofile (aka partymgr/control/login), (3) the start parameter to myportal/control/showPortalPage, (4) an invalid URI beginning with /facility/control/ReceiveReturn (aka /crmsfa/control/ReceiveReturn or /cms/control/ReceiveReturn), (5) the contentId parameter (aka the entityName variable) to ecommerce/control/ViewBlogArticle, (6) the entityName parameter to webtools/control/FindGeneric, or the (7) subject or (8) content parameter to an unspecified component under ecommerce/control/contactus.
14736| [CVE-2010-0425] modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and "orphaned callback pointers."
14737| [CVE-2010-0408] The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code.
14738| [CVE-2010-0390] Unrestricted file upload vulnerability in maxImageUpload/index.php in PHP F1 Max's Image Uploader 1.0, when Apache is not configured to handle the mime-type for files with pjpeg or jpeg extensions, allows remote attackers to execute arbitrary code by uploading a file with a pjpeg or jpeg extension, then accessing it via a direct request to the file in original/. NOTE: some of these details are obtained from third party information.
14739| [CVE-2010-0219] Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service.
14740| [CVE-2010-0010] Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util.c in mod_proxy in the Apache HTTP Server before 1.3.42 on 64-bit platforms allows remote origin servers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a large chunk size that triggers a heap-based buffer overflow.
14741| [CVE-2010-0009] Apache CouchDB 0.8.0 through 0.10.1 allows remote attackers to obtain sensitive information by measuring the completion time of operations that verify (1) hashes or (2) passwords.
14742| [CVE-2009-5120] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 allows connections to TCP port 1812 from arbitrary source IP addresses, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via UTF-7 text to the 404 error page of a Project Woodstock service on this port.
14743| [CVE-2009-5119] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 enables weak SSL ciphers in conf/server.xml, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and then conducting a brute-force attack against encrypted session data.
14744| [CVE-2009-5006] The SessionAdapter::ExchangeHandlerImpl::checkAlternate function in broker/SessionAdapter.cpp in the C++ Broker component in Apache Qpid before 0.6, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote authenticated users to cause a denial of service (NULL pointer dereference, daemon crash, and cluster outage) by attempting to modify the alternate of an exchange.
14745| [CVE-2009-5005] The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache Qpid, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote attackers to cause a denial of service (daemon crash and cluster outage) via invalid AMQP data.
14746| [CVE-2009-4355] Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678.
14747| [CVE-2009-4269] The password hash generation algorithm in the BUILTIN authentication functionality for Apache Derby before 10.6.1.0 performs a transformation that reduces the size of the set of inputs to SHA-1, which produces a small search space that makes it easier for local and possibly remote attackers to crack passwords by generating hash collisions, related to password substitution.
14748| [CVE-2009-3923] The VirtualBox 2.0.8 and 2.0.10 web service in Sun Virtual Desktop Infrastructure (VDI) 3.0 does not require authentication, which allows remote attackers to obtain unspecified access via vectors involving requests to an Apache HTTP Server.
14749| [CVE-2009-3890] Unrestricted file upload vulnerability in the wp_check_filetype function in wp-includes/functions.php in WordPress before 2.8.6, when a certain configuration of the mod_mime module in the Apache HTTP Server is enabled, allows remote authenticated users to execute arbitrary code by posting an attachment with a multiple-extension filename, and then accessing this attachment via a direct request to a wp-content/uploads/ pathname, as demonstrated by a .php.jpg filename.
14750| [CVE-2009-3843] HP Operations Manager 8.10 on Windows contains a "hidden account" in the XML file that specifies Tomcat users, which allows remote attackers to conduct unrestricted file upload attacks, and thereby execute arbitrary code, by using the org.apache.catalina.manager.HTMLManagerServlet class to make requests to manager/html/upload.
14751| [CVE-2009-3821] Cross-site scripting (XSS) vulnerability in the Apache Solr Search (solr) extension 1.0.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
14752| [CVE-2009-3555] The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
14753| [CVE-2009-3548] The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.
14754| [CVE-2009-3250] The saveForwardAttachments procedure in the Compose Mail functionality in vtiger CRM 5.0.4 allows remote authenticated users to execute arbitrary code by composing an e-mail message with an attachment filename ending in (1) .php in installations based on certain Apache HTTP Server configurations, (2) .php. on Windows, or (3) .php/ on Linux, and then making a direct request to a certain pathname under storage/.
14755| [CVE-2009-3095] The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.
14756| [CVE-2009-3094] The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.
14757| [CVE-2009-2902] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.
14758| [CVE-2009-2901] The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests.
14759| [CVE-2009-2823] The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the HTTP TRACE method, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified web client software.
14760| [CVE-2009-2699] The Solaris pollset feature in the Event Port backend in poll/unix/port.c in the Apache Portable Runtime (APR) library before 1.3.9, as used in the Apache HTTP Server before 2.2.14 and other products, does not properly handle errors, which allows remote attackers to cause a denial of service (daemon hang) via unspecified HTTP requests, related to the prefork and event MPMs.
14761| [CVE-2009-2696] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Linux Desktop 5 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML." NOTE: this is due to a missing fix for CVE-2009-0781.
14762| [CVE-2009-2693] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry.
14763| [CVE-2009-2625] XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.
14764| [CVE-2009-2412] Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR
14765| [CVE-2009-2299] The Artofdefence Hyperguard Web Application Firewall (WAF) module before 2.5.5-11635, 3.0 before 3.0.3-11636, and 3.1 before 3.1.1-11637, a module for the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via an HTTP request with a large Content-Length value but no POST data.
14766| [CVE-2009-1956] Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.
14767| [CVE-2009-1955] The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.
14768| [CVE-2009-1903] The PDF XSS protection feature in ModSecurity before 2.5.8 allows remote attackers to cause a denial of service (Apache httpd crash) via a request for a PDF file that does not use the GET method.
14769| [CVE-2009-1891] The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).
14770| [CVE-2009-1890] The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests.
14771| [CVE-2009-1885] Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service (application crash) via vectors involving nested parentheses and invalid byte values in "simply nested DTD structures," as demonstrated by the Codenomicon XML fuzzing framework.
14772| [CVE-2009-1462] The Security Manager in razorCMS before 0.4 does not verify the permissions of every file owned by the apache user account, which is inconsistent with the documentation and allows local users to have an unspecified impact.
14773| [CVE-2009-1275] Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other products, evaluates Expression Language (EL) expressions twice in certain circumstances, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via unspecified vectors, related to the (1) tiles:putAttribute and (2) tiles:insertTemplate JSP tags.
14774| [CVE-2009-1195] The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file.
14775| [CVE-2009-1191] mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request.
14776| [CVE-2009-1012] Unspecified vulnerability in the plug-ins for Apache and IIS web servers in Oracle BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP3, 10.0 Gold through MP1, and 10.3 allows remote attackers to affect confidentiality, integrity, and availability. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in an unspecified plug-in that parses HTTP requests, which leads to a heap-based buffer overflow.
14777| [CVE-2009-0918] Multiple unspecified vulnerabilities in DFLabs PTK 1.0.0 through 1.0.4 allow remote attackers to execute arbitrary commands in processes launched by PTK's Apache HTTP Server via (1) "external tools" or (2) a crafted forensic image.
14778| [CVE-2009-0796] Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI.
14779| [CVE-2009-0783] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.
14780| [CVE-2009-0781] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML."
14781| [CVE-2009-0754] PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server.
14782| [CVE-2009-0580] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.
14783| [CVE-2009-0486] Bugzilla 3.2.1, 3.0.7, and 3.3.2, when running under mod_perl, calls the srand function at startup time, which causes Apache children to have the same seed and produce insufficiently random numbers for random tokens, which allows remote attackers to bypass cross-site request forgery (CSRF) protection mechanisms and conduct unauthorized activities as other users.
14784| [CVE-2009-0039] Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to hijack the authentication of administrators for requests that (1) change the web administration password, (2) upload applications, and perform unspecified other administrative actions, as demonstrated by (3) a Shutdown request to console/portal//Server/Shutdown.
14785| [CVE-2009-0038] Multiple cross-site scripting (XSS) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) ip, (3) username, or (4) description parameter to console/portal/Server/Monitoring
14786| [CVE-2009-0033] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.
14787| [CVE-2009-0026] Multiple cross-site scripting (XSS) vulnerabilities in Apache Jackrabbit before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the q parameter to (1) search.jsp or (2) swr.jsp.
14788| [CVE-2009-0023] The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.
14789| [CVE-2008-6879] Cross-site scripting (XSS) vulnerability in Apache Roller 2.3, 3.0, 3.1, and 4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search action.
14790| [CVE-2008-6755] ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to the apache user account, and sets the permissions to 0600, which makes it easier for remote attackers to modify this file by accessing it through a (1) PHP or (2) CGI script.
14791| [CVE-2008-6722] Novell Access Manager 3 SP4 does not properly expire X.509 certificate sessions, which allows physically proximate attackers to obtain a logged-in session by using a victim's web-browser process that continues to send the original and valid SSL sessionID, related to inability of Apache Tomcat to clear entries from its SSL cache.
14792| [CVE-2008-6682] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.x before 2.0.11.1 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via vectors associated with improper handling of (1) " (double quote) characters in the href attribute of an s:a tag and (2) parameters in the action attribute of an s:url tag.
14793| [CVE-2008-6505] Multiple directory traversal vulnerabilities in Apache Struts 2.0.x before 2.0.12 and 2.1.x before 2.1.3 allow remote attackers to read arbitrary files via a ..%252f (encoded dot dot slash) in a URI with a /struts/ path, related to (1) FilterDispatcher in 2.0.x and (2) DefaultStaticContentLoader in 2.1.x.
14794| [CVE-2008-6504] ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict # (pound sign) references to context objects, which allows remote attackers to execute Object-Graph Navigation Language (OGNL) statements and modify server-side context objects, as demonstrated by use of a \u0023 representation for the # character.
14795| [CVE-2008-5696] Novell NetWare 6.5 before Support Pack 8, when an OES2 Linux server is installed into the NDS tree, does not require a password for the ApacheAdmin console, which allows remote attackers to reconfigure the Apache HTTP Server via console operations.
14796| [CVE-2008-5676] Multiple unspecified vulnerabilities in the ModSecurity (aka mod_security) module 2.5.0 through 2.5.5 for the Apache HTTP Server, when SecCacheTransformations is enabled, allow remote attackers to cause a denial of service (daemon crash) or bypass the product's functionality via unknown vectors related to "transformation caching."
14797| [CVE-2008-5519] The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that included a Content-Length header but no POST data or (2) a rapid series of requests, related to noncompliance with the AJP protocol's requirements for requests containing Content-Length headers.
14798| [CVE-2008-5518] Multiple directory traversal vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 on Windows allow remote attackers to upload files to arbitrary directories via directory traversal sequences in the (1) group, (2) artifact, (3) version, or (4) fileType parameter to console/portal//Services/Repository (aka the Services/Repository portlet)
14799| [CVE-2008-5515] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.
14800| [CVE-2008-5457] Unspecified vulnerability in the Oracle BEA WebLogic Server Plugins for Apache, Sun and IIS web servers component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
14801| [CVE-2008-4308] The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request.
14802| [CVE-2008-4008] Unspecified vulnerability in the WebLogic Server Plugins for Apache component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2008 CPU. Oracle has not commented on reliable researcher claims that this issue is a stack-based buffer overflow in the WebLogic Apache Connector, related to an invalid parameter.
14803| [CVE-2008-3666] Unspecified vulnerability in Sun Solaris 10 and OpenSolaris before snv_96 allows (1) context-dependent attackers to cause a denial of service (panic) via vectors involving creation of a crafted file and use of the sendfilev system call, as demonstrated by a file served by an Apache 2.2.x web server with EnableSendFile configured
14804| [CVE-2008-3271] Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a "synchronization problem" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve.
14805| [CVE-2008-3257] Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request.
14806| [CVE-2008-2939] Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.
14807| [CVE-2008-2938] Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.
14808| [CVE-2008-2742] Unrestricted file upload in the mcpuk file editor (atk/attributes/fck/editor/filemanager/browser/mcpuk/connectors/php/config.php) in Achievo 1.2.0 through 1.3.2 allows remote attackers to execute arbitrary code by uploading a file with .php followed by a safe extension, then accessing it via a direct request to the file in the Achievo root directory. NOTE: this is only a vulnerability in environments that support multiple extensions, such as Apache with the mod_mime module enabled.
14809| [CVE-2008-2717] TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers to bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions.
14810| [CVE-2008-2579] Unspecified vulnerability in the WebLogic Server Plugins for Apache, Sun and IIS web servers component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 has unknown impact and remote attack vectors.
14811| [CVE-2008-2384] SQL injection vulnerability in mod_auth_mysql.c in the mod-auth-mysql (aka libapache2-mod-auth-mysql) module for the Apache HTTP Server 2.x, when configured to use a multibyte character set that allows a \ (backslash) as part of the character encoding, allows remote attackers to execute arbitrary SQL commands via unspecified inputs in a login request.
14812| [CVE-2008-2370] Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.
14813| [CVE-2008-2364] The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.
14814| [CVE-2008-2168] Cross-site scripting (XSS) vulnerability in Apache 2.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded URLs that are not properly handled when displaying the 403 Forbidden error page.
14815| [CVE-2008-2025] Cross-site scripting (XSS) vulnerability in Apache Struts before 1.2.9-162.31.1 on SUSE Linux Enterprise (SLE) 11, before 1.2.9-108.2 on SUSE openSUSE 10.3, before 1.2.9-198.2 on SUSE openSUSE 11.0, and before 1.2.9-162.163.2 on SUSE openSUSE 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "insufficient quoting of parameters."
14816| [CVE-2008-1947] Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.
14817| [CVE-2008-1734] Interpretation conflict in PHP Toolkit before 1.0.1 on Gentoo Linux might allow local users to cause a denial of service (PHP outage) and read contents of PHP scripts by creating a file with a one-letter lowercase alphabetic name, which triggers interpretation of a certain unquoted [a-z] argument as a matching shell glob for this name, rather than interpretation as the literal [a-z] regular-expression string, and consequently blocks the launch of the PHP interpreter within the Apache HTTP Server.
14818| [CVE-2008-1678] Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm.
14819| [CVE-2008-1232] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.
14820| [CVE-2008-0869] Cross-site scripting (XSS) vulnerability in BEA WebLogic Workshop 8.1 through SP6 and Workshop for WebLogic 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via a "framework defined request parameter" when using WebLogic Workshop or Apache Beehive NetUI framework with page flows.
14821| [CVE-2008-0732] The init script for Apache Geronimo on SUSE Linux follows symlinks when performing a chown operation, which might allow local users to obtain access to unspecified files or directories.
14822| [CVE-2008-0555] The ExpandCert function in Apache-SSL before apache_1.3.41+ssl_1.59 does not properly handle (1) '/' and (2) '=' characters in a Distinguished Name (DN) in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers overwriting of environment variables.
14823| [CVE-2008-0457] Unrestricted file upload vulnerability in the FileUpload class running on the Symantec LiveState Apache Tomcat server, as used by Symantec Backup Exec System Recovery Manager 7.0 and 7.0.1, allows remote attackers to upload and execute arbitrary JSP files via unknown vectors.
14824| [CVE-2008-0456] CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by uploading a file with a multi-line name containing HTTP header sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
14825| [CVE-2008-0455] Cross-site scripting (XSS) vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary web script or HTML by uploading a file with a name containing XSS sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
14826| [CVE-2008-0128] The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
14827| [CVE-2008-0005] mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.
14828| [CVE-2008-0002] Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context of the wrong request when an exception occurs during parameter processing, which might allow remote attackers to obtain sensitive information, as demonstrated by disconnecting during this processing in order to trigger the exception.
14829| [CVE-2007-6750] The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtimeout module in versions before 2.2.15.
14830| [CVE-2007-6726] Multiple cross-site scripting (XSS) vulnerabilities in Dojo 0.4.1 and 0.4.2, as used in Apache Struts and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) xip_client.html and (2) xip_server.html in src/io/.
14831| [CVE-2007-6514] Apache HTTP Server, when running on Linux with a document root on a Windows share mounted using smbfs, allows remote attackers to obtain unprocessed content such as source files for .php programs via a trailing "\" (backslash), which is not handled by the intended AddType directive.
14832| [CVE-2007-6423] ** DISPUTED ** Unspecified vulnerability in mod_proxy_balancer for Apache HTTP Server 2.2.x before 2.2.7-dev, when running on Windows, allows remote attackers to trigger memory corruption via a long URL. NOTE: the vendor could not reproduce this issue.
14833| [CVE-2007-6422] The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service (child process crash) via an invalid bb variable.
14834| [CVE-2007-6421] Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL.
14835| [CVE-2007-6420] Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors.
14836| [CVE-2007-6388] Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
14837| [CVE-2007-6361] Gekko 0.8.2 and earlier stores sensitive information under the web root with possibly insufficient access control, which might allow remote attackers to read certain files under temp/, as demonstrated by a log file that records the titles of blog entries. NOTE: access to temp/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
14838| [CVE-2007-6342] SQL injection vulnerability in the David Castro AuthCAS module (AuthCAS.pm) 0.4 for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the SESSION_COOKIE_NAME (session ID) in a cookie.
14839| [CVE-2007-6286] Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the native APR connector is used, does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of "a duplicate copy of one of the recent requests," as demonstrated by using netcat to send the empty request.
14840| [CVE-2007-6258] Multiple stack-based buffer overflows in the legacy mod_jk2 2.0.3-DEV and earlier Apache module allow remote attackers to execute arbitrary code via a long (1) Host header, or (2) Hostname within a Host header.
14841| [CVE-2007-6231] Multiple PHP remote file inclusion vulnerabilities in tellmatic 1.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the tm_includepath parameter to (1) Classes.inc.php, (2) statistic.inc.php, (3) status.inc.php, (4) status_top_x.inc.php, or (5) libchart-1.1/libchart.php in include/. NOTE: access to include/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
14842| [CVE-2007-6203] Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918.
14843| [CVE-2007-5797] SQLLoginModule in Apache Geronimo 2.0 through 2.1 does not throw an exception for a nonexistent username, which allows remote attackers to bypass authentication via a login attempt with any username not contained in the database.
14844| [CVE-2007-5731] Absolute path traversal vulnerability in Apache Jakarta Slide 2.1 and earlier allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag, a related issue to CVE-2007-5461.
14845| [CVE-2007-5461] Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.
14846| [CVE-2007-5342] The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler.
14847| [CVE-2007-5333] Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.
14848| [CVE-2007-5156] Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and probably other products, allows remote attackers to upload and execute arbitrary PHP code via a file whose name contains ".php." and has an unknown extension, which is recognized as a .php file by the Apache HTTP server, a different vulnerability than CVE-2006-0658 and CVE-2006-2529.
14849| [CVE-2007-5085] Unspecified vulnerability in the management EJB (MEJB) in Apache Geronimo before 2.0.2 allows remote attackers to bypass authentication and obtain "access to Geronimo internals" via unspecified vectors.
14850| [CVE-2007-5000] Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
14851| [CVE-2007-4724] Cross-site request forgery (CSRF) vulnerability in cal2.jsp in the calendar examples application in Apache Tomcat 4.1.31 allows remote attackers to add events as arbitrary users via the time and description parameters.
14852| [CVE-2007-4723] Directory traversal vulnerability in Ragnarok Online Control Panel 4.3.4a, when the Apache HTTP Server is used, allows remote attackers to bypass authentication via directory traversal sequences in a URI that ends with the name of a publicly available page, as demonstrated by a "/...../" sequence and an account_manage.php/login.php final component for reaching the protected account_manage.php page.
14853| [CVE-2007-4641] Directory traversal vulnerability in index.php in Pakupaku CMS 0.4 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting code into an Apache log file.
14854| [CVE-2007-4556] Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service (infinite loop) or execute arbitrary code via form input beginning with a "%{" sequence and ending with a "}" character.
14855| [CVE-2007-4548] The login method in LoginModule implementations in Apache Geronimo 2.0 does not throw FailedLoginException for failed logins, which allows remote attackers to bypass authentication requirements, deploy arbitrary modules, and gain administrative access by sending a blank username and password with the command line deployer in the deployment module.
14856| [CVE-2007-4465] Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.
14857| [CVE-2007-3847] The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.
14858| [CVE-2007-3571] The Apache Web Server as used in Novell NetWare 6.5 and GroupWise allows remote attackers to obtain sensitive information via a certain directive to Apache that causes the HTTP-Header response to be modified, which may reveal the server's internal IP address.
14859| [CVE-2007-3386] Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action.
14860| [CVE-2007-3385] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.
14861| [CVE-2007-3384] Multiple cross-site scripting (XSS) vulnerabilities in examples/servlet/CookieExample in Apache Tomcat 3.3 through 3.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Value field, related to error messages.
14862| [CVE-2007-3383] Cross-site scripting (XSS) vulnerability in SendMailServlet in the examples web application (examples/jsp/mail/sendmail.jsp) in Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.36 allows remote attackers to inject arbitrary web script or HTML via the From field and possibly other fields, related to generation of error messages.
14863| [CVE-2007-3382] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.
14864| [CVE-2007-3304] Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer."
14865| [CVE-2007-3303] Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows local users to cause a denial of service via certain code sequences executed in a worker process that (1) stop request processing by killing all worker processes and preventing creation of replacements or (2) hang the system by forcing the master process to fork an arbitrarily large number of worker processes. NOTE: This might be an inherent design limitation of Apache with respect to worker processes in hosted environments.
14866| [CVE-2007-3101] Multiple cross-site scripting (XSS) vulnerabilities in certain JSF applications in Apache MyFaces Tomahawk before 1.1.6 allow remote attackers to inject arbitrary web script via the autoscroll parameter, which is injected into Javascript that is sent to the client.
14867| [CVE-2007-2450] Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors.
14868| [CVE-2007-2449] Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the '
14869| [CVE-2007-2353] Apache Axis 1.0 allows remote attackers to obtain sensitive information by requesting a non-existent WSDL file, which reveals the installation path in the resulting exception message.
14870| [CVE-2007-2025] Unrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.11p1 allows remote attackers to upload arbitrary PHP files with a double extension, as demonstrated by .php.3, which is interpreted by Apache as being a valid PHP file.
14871| [CVE-2007-1863] cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.
14872| [CVE-2007-1862] The recall_headers function in mod_mem_cache in Apache 2.2.4 does not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously used data, which could be used by remote attackers to obtain potentially sensitive information.
14873| [CVE-2007-1860] mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and directory traversal, a related issue to CVE-2007-0450.
14874| [CVE-2007-1858] The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts.
14875| [CVE-2007-1842] Directory traversal vulnerability in login.php in JSBoard before 2.0.12 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the table parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, a related issue to CVE-2006-2019.
14876| [CVE-2007-1801] Directory traversal vulnerability in inc/lang.php in sBLOG 0.7.3 Beta allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the conf_lang_default parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by inc/lang.php.
14877| [CVE-2007-1743] suexec in Apache HTTP Server (httpd) 2.2.3 does not verify combinations of user and group IDs on the command line, which might allow local users to leverage other vulnerabilities to create arbitrary UID/GID owned files if /proc is mounted. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root." In addition, because this is dependent on other vulnerabilities, perhaps this is resultant and should not be included in CVE.
14878| [CVE-2007-1742] suexec in Apache HTTP Server (httpd) 2.2.3 uses a partial comparison for verifying whether the current directory is within the document root, which might allow local users to perform unauthorized operations on incorrect directories, as demonstrated using "html_backup" and "htmleditor" under an "html" directory. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
14879| [CVE-2007-1741] Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 between directory and file validation, and their usage, allow local users to gain privileges and execute arbitrary code by renaming directories or performing symlink attacks. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
14880| [CVE-2007-1720] Directory traversal vulnerability in addressbook.php in the Addressbook 1.2 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module_name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file.
14881| [CVE-2007-1636] Directory traversal vulnerability in index.php in RoseOnlineCMS 3 B1 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the op parameter, as demonstrated by injecting PHP code into Apache log files via the URL and User-Agent HTTP header.
14882| [CVE-2007-1633] Directory traversal vulnerability in bbcode_ref.php in the Giorgio Ciranni Splatt Forum 4.0 RC1 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by bbcode_ref.php.
14883| [CVE-2007-1577] Directory traversal vulnerability in index.php in GeBlog 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[tplname] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
14884| [CVE-2007-1539] Directory traversal vulnerability in inc/map.func.php in pragmaMX Landkarten 2.1 module allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the module_name parameter, as demonstrated via a static PHP code injection attack in an Apache log file.
14885| [CVE-2007-1524] Directory traversal vulnerability in themes/default/ in ZomPlog 3.7.6 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) in the settings[skin] parameter, as demonstrated by injecting PHP code into an Apache HTTP Server log file, which can then be included via themes/default/.
14886| [CVE-2007-1491] Apache Tomcat in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allows connections from external interfaces via port 8009, which exposes it to attacks from outside parties.
14887| [CVE-2007-1358] Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".
14888| [CVE-2007-1349] PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.
14889| [CVE-2007-0975] Variable extraction vulnerability in Ian Bezanson Apache Stats before 0.0.3 beta allows attackers to overwrite critical variables, with unknown impact, when the extract function is used on the _REQUEST superglobal array.
14890| [CVE-2007-0930] Variable extract vulnerability in Apache Stats before 0.0.3beta allows attackers to modify arbitrary variables and conduct attacks via unknown vectors involving the use of PHP's extract function.
14891| [CVE-2007-0792] The mod_perl initialization script in Bugzilla 2.23.3 does not set the Bugzilla Apache configuration to allow .htaccess permissions to override file permissions, which allows remote attackers to obtain the database username and password via a direct request for the localconfig file.
14892| [CVE-2007-0774] Stack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c) in mod_jk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that triggers the overflow in a URI worker map routine.
14893| [CVE-2007-0637] Directory traversal vulnerability in zd_numer.php in Galeria Zdjec 3.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the galeria parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by zd_numer.php.
14894| [CVE-2007-0451] Apache SpamAssassin before 3.1.8 allows remote attackers to cause a denial of service via long URLs in malformed HTML, which triggers "massive memory usage."
14895| [CVE-2007-0450] Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.
14896| [CVE-2007-0419] The BEA WebLogic Server proxy plug-in before June 2006 for the Apache HTTP Server does not properly handle protocol errors, which allows remote attackers to cause a denial of service (server outage).
14897| [CVE-2007-0173] Directory traversal vulnerability in index.php in L2J Statistik Script 0.09 and earlier, when register_globals is enabled and magic_quotes is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
14898| [CVE-2007-0098] Directory traversal vulnerability in language.php in VerliAdmin 0.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
14899| [CVE-2007-0086] ** DISPUTED ** The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal.
14900| [CVE-2006-7217] Apache Derby before 10.2.1.6 does not determine schema privilege requirements during the DropSchemaNode bind phase, which allows remote authenticated users to execute arbitrary drop schema statements in SQL authorization mode.
14901| [CVE-2006-7216] Apache Derby before 10.2.1.6 does not determine privilege requirements for lock table statements at compilation time, and consequently does not enforce privilege requirements at execution time, which allows remote authenticated users to lock arbitrary tables.
14902| [CVE-2006-7197] The AJP connector in Apache Tomcat 5.5.15 uses an incorrect length for chunks, which can cause a buffer over-read in the ajp_process_callback in mod_jk, which allows remote attackers to read portions of sensitive memory.
14903| [CVE-2006-7196] Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. NOTE: this may be related to CVE-2006-0254.1.
14904| [CVE-2006-7195] Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values.
14905| [CVE-2006-7098] The Debian GNU/Linux 033_-F_NO_SETSID patch for the Apache HTTP Server 1.3.34-4 does not properly disassociate httpd from a controlling tty when httpd is started interactively, which allows local users to gain privileges to that tty via a CGI program that calls the TIOCSTI ioctl.
14906| [CVE-2006-6869] Directory traversal vulnerability in includes/search/search_mdforum.php in MAXdev MDForum 2.0.1 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang cookie to error.php, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
14907| [CVE-2006-6675] Cross-site scripting (XSS) vulnerability in Novell NetWare 6.5 Support Pack 5 and 6 and Novell Apache on NetWare 2.0.48 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in Welcome web-app.
14908| [CVE-2006-6613] Directory traversal vulnerability in language.php in phpAlbum 0.4.1 Beta 6 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files or obtain sensitive information via a .. (dot dot) in the pa_lang[include_file] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
14909| [CVE-2006-6589] Cross-site scripting (XSS) vulnerability in ecommerce/control/keywordsearch in the Apache Open For Business Project (OFBiz) and Opentaps 0.9.3 allows remote attackers to inject arbitrary web script or HTML via the SEARCH_STRING parameter, a different issue than CVE-2006-6587. NOTE: some of these details are obtained from third party information.
14910| [CVE-2006-6588] The forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) trusts the (1) dataResourceTypeId, (2) contentTypeId, and certain other hidden form fields, which allows remote attackers to create unauthorized types of content, modify content, or have other unknown impact.
14911| [CVE-2006-6587] Cross-site scripting (XSS) vulnerability in the forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) allows remote attackers to inject arbitrary web script or HTML by posting a message.
14912| [CVE-2006-6445] Directory traversal vulnerability in error.php in Envolution 1.1.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
14913| [CVE-2006-6071] TWiki 4.0.5 and earlier, when running under Apache 1.3 using ApacheLogin with sessions and "ErrorDocument 401" redirects to a valid wiki topic, does not properly handle failed login attempts, which allows remote attackers to read arbitrary content by cancelling out of a failed authentication with a valid username and invalid password.
14914| [CVE-2006-6047] Directory traversal vulnerability in manager/index.php in Etomite 0.6.1.2 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the f parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
14915| [CVE-2006-5894] Directory traversal vulnerability in lang.php in Rama CMS 0.68 and earlier, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by lang.php.
14916| [CVE-2006-5752] Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified.
14917| [CVE-2006-5733] Directory traversal vulnerability in error.php in PostNuke 0.763 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
14918| [CVE-2006-5263] Directory traversal vulnerability in templates/header.php3 in phpMyAgenda 3.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter, as demonstrated by a parameter value naming an Apache HTTP Server log file that apparently contains PHP code.
14919| [CVE-2006-4994] Multiple unquoted Windows search path vulnerabilities in Apache Friends XAMPP 1.5.2 might allow local users to gain privileges via a malicious program file in %SYSTEMDRIVE%, which is run when XAMPP attempts to execute (1) FileZillaServer.exe, (2) mysqld-nt.exe, (3) Perl.exe, or (4) xamppcontrol.exe with an unquoted "Program Files" pathname.
14920| [CVE-2006-4636] Directory traversal vulnerability in SZEWO PhpCommander 3.0 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Directory parameter, as demonstrated by parameter values naming Apache HTTP Server log files that apparently contain PHP code.
14921| [CVE-2006-4625] PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini (Master Value) defaults.
14922| [CVE-2006-4558] DeluxeBB 1.06 and earlier, when run on the Apache HTTP Server with the mod_mime module, allows remote attackers to execute arbitrary PHP code by uploading files with double extensions via the fileupload parameter in a newthread action in newpost.php.
14923| [CVE-2006-4191] Directory traversal vulnerability in memcp.php in XMB (Extreme Message Board) 1.9.6 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the langfilenew parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by header.php.
14924| [CVE-2006-4154] Format string vulnerability in the mod_tcl module 1.0 for Apache 2.x allows context-dependent attackers to execute arbitrary code via format string specifiers that are not properly handled in a set_var function call in (1) tcl_cmds.c and (2) tcl_core.c.
14925| [CVE-2006-4110] Apache 2.2.2, when running on Windows, allows remote attackers to read source code of CGI programs via a request that contains uppercase (or alternate case) characters that bypass the case-sensitive ScriptAlias directive, but allow access to the file on case-insensitive file systems.
14926| [CVE-2006-4004] Directory traversal vulnerability in index.php in vbPortal 3.0.2 through 3.6.0 Beta 1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the bbvbplang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
14927| [CVE-2006-3918] http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.
14928| [CVE-2006-3835] Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (
14929| [CVE-2006-3747] Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules.
14930| [CVE-2006-3362] Unrestricted file upload vulnerability in connectors/php/connector.php in FCKeditor mcpuk file manager, as used in (1) Geeklog 1.4.0 through 1.4.0sr3, (2) toendaCMS 1.0.0 Shizouka Stable and earlier, (3) WeBid 0.5.4, and possibly other products, when installed on Apache with mod_mime, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension and a trailing extension that is allowed, such as .zip.
14931| [CVE-2006-3102] Race condition in articles/BitArticle.php in Bitweaver 1.3, when run on Apache with the mod_mime extension, allows remote attackers to execute arbitrary PHP code by uploading arbitrary files with double extensions, which are stored for a small period of time under the webroot in the temp/articles directory.
14932| [CVE-2006-3070] write_ok.php in Zeroboard 4.1 pl8, when installed on Apache with mod_mime, allows remote attackers to bypass restrictions for uploading files with executable extensions by uploading a .htaccess file with an AddType directive that assigns an executable module to files with assumed-safe extensions, as demonstrated by assigning the txt extension to be handled by application/x-httpd-php.
14933| [CVE-2006-2831] Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under certain Apache configurations such as when FileInfo overrides are disabled within .htaccess, allows remote attackers to execute arbitrary code by uploading a file with multiple extensions, a variant of CVE-2006-2743.
14934| [CVE-2006-2806] The SMTP server in Apache Java Mail Enterprise Server (aka Apache James) 2.2.0 allows remote attackers to cause a denial of service (CPU consumption) via a long argument to the MAIL command.
14935| [CVE-2006-2743] Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with mod_mime, does not properly handle files with multiple extensions, which allows remote attackers to upload, modify, or execute arbitrary files in the files directory.
14936| [CVE-2006-2514] Coppermine galleries before 1.4.6, when running on Apache with mod_mime installed, allows remote attackers to upload arbitrary files via a filename with multiple file extensions.
14937| [CVE-2006-2330] PHP-Fusion 6.00.306 and earlier, running under Apache HTTP Server 1.3.27 and PHP 4.3.3, allows remote authenticated users to upload files of arbitrary types using a filename that contains two or more extensions that ends in an assumed-valid extension such as .gif, which bypasses the validation, as demonstrated by uploading then executing an avatar file that ends in ".php.gif" and contains PHP code in EXIF metadata.
14938| [CVE-2006-1777] Directory traversal vulnerability in doc/index.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the s parameter, as demonstrated by injecting PHP sequences into an Apache error_log file, which is then included by doc/index.php.
14939| [CVE-2006-1564] Untrusted search path vulnerability in libapache2-svn 1.3.0-4 for Subversion in Debian GNU/Linux includes RPATH values under the /tmp/svn directory for the (1) mod_authz_svn.so and (2) mod_dav_svn.so modules, which might allow local users to gain privileges by installing malicious libraries in that directory.
14940| [CVE-2006-1548] Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is not filtered in the resulting error message.
14941| [CVE-2006-1547] ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to elements in the CommonsMultipartRequestHandler implementation and BeanUtils.
14942| [CVE-2006-1546] Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to bypass validation via a request with a 'org.apache.struts.taglib.html.Constants.CANCEL' parameter, which causes the action to be canceled but would not be detected from applications that do not use the isCancelled check.
14943| [CVE-2006-1393] Multiple cross-site scripting (XSS) vulnerabilities in the mod_pubcookie Apache application server module in University of Washington Pubcookie 1.x, 3.0.0, 3.1.0, 3.1.1, 3.2 before 3.2.1b, and 3.3 before 3.3.0a allow remote attackers to inject arbitrary web script or HTML via unspecified attack vectors.
14944| [CVE-2006-1346] Directory traversal vulnerability in inc/setLang.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in a lang[*][file] parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by index.php.
14945| [CVE-2006-1292] Directory traversal vulnerability in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the phpicalendar[cookie_language] and phpicalendar[cookie_style] cookies, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by day.php.
14946| [CVE-2006-1243] Directory traversal vulnerability in install05.php in Simple PHP Blog (SPB) 0.4.7.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the blog_language parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included using install05.php.
14947| [CVE-2006-1095] Directory traversal vulnerability in the FileSession object in Mod_python module 3.2.7 for Apache allows local users to execute arbitrary code via a crafted session cookie.
14948| [CVE-2006-1079] htpasswd, as used in Acme thttpd 2.25b and possibly other products such as Apache, might allow local users to gain privileges via shell metacharacters in a command line argument, which is used in a call to the system function. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
14949| [CVE-2006-1078] Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, and possibly other products such as Apache, might allow local users to gain privileges via (1) a long command line argument and (2) a long line in a file. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
14950| [CVE-2006-0743] Format string vulnerability in LocalSyslogAppender in Apache log4net 1.2.9 might allow remote attackers to cause a denial of service (memory corruption and termination) via unknown vectors.
14951| [CVE-2006-0254] Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer.
14952| [CVE-2006-0150] Multiple format string vulnerabilities in the auth_ldap_log_reason function in Apache auth_ldap 1.6.0 and earlier allow remote attackers to execute arbitrary code via various vectors, including the username.
14953| [CVE-2006-0144] The proxy server feature in go-pear.php in PHP PEAR 0.2.2, as used in Apache2Triad, allows remote attackers to execute arbitrary PHP code by redirecting go-pear.php to a malicious proxy server that provides a modified version of Tar.php with a malicious extractModify function.
14954| [CVE-2006-0042] Unspecified vulnerability in (1) apreq_parse_headers and (2) apreq_parse_urlencoded functions in Apache2::Request (Libapreq2) before 2.07 allows remote attackers to cause a denial of service (CPU consumption) via unknown attack vectors that result in quadratic computational complexity.
14955| [CVE-2005-4857] eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051128 allows remote authenticated users to cause a denial of service (Apache httpd segmentation fault) via a request to content/advancedsearch.php with an empty SearchContentClassID parameter, reportedly related to a "memory addressing error".
14956| [CVE-2005-4849] Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC command and (b) the output of the DatabaseMetaData.getURL function, which allows context-dependent attackers to obtain sensitive information.
14957| [CVE-2005-4836] The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information.
14958| [CVE-2005-4814] Unrestricted file upload vulnerability in Segue CMS before 1.3.6, when the Apache HTTP Server handles .phtml files with the PHP interpreter, allows remote attackers to upload and execute arbitrary PHP code by placing .phtml files in the userfiles/ directory.
14959| [CVE-2005-4703] Apache Tomcat 4.0.3, when running on Windows, allows remote attackers to obtain sensitive information via a request for a file that contains an MS-DOS device name such as lpt9, which leaks the pathname in an error message, as demonstrated by lpt9.xtp using Nikto.
14960| [CVE-2005-3745] Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message.
14961| [CVE-2005-3630] Fedora Directory Server before 10 allows remote attackers to obtain sensitive information, such as the password from adm.conf via an IFRAME element, probably involving an Apache httpd.conf configuration that orders "allow" directives before "deny" directives.
14962| [CVE-2005-3510] Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files.
14963| [CVE-2005-3392] Unspecified vulnerability in PHP before 4.4.1, when using the virtual function on Apache 2, allows remote attackers to bypass safe_mode and open_basedir directives.
14964| [CVE-2005-3357] mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference.
14965| [CVE-2005-3352] Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps.
14966| [CVE-2005-3319] The apache2handler SAPI (sapi_apache2.c) in the Apache module (mod_php) for PHP 5.x before 5.1.0 final and 4.4 before 4.4.1 final allows attackers to cause a denial of service (segmentation fault) via the session.save_path option in a .htaccess file or VirtualHost.
14967| [CVE-2005-3164] The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when "unsuitable request body data" is used for a different request, possibly related to Java Servlet pages.
14968| [CVE-2005-2970] Memory leak in the worker MPM (worker.c) for Apache 2, in certain circumstances, allows remote attackers to cause a denial of service (memory consumption) via aborted connections, which prevents the memory for the transaction pool from being reused for other connections.
14969| [CVE-2005-2963] The mod_auth_shadow module 1.0 through 1.5 and 2.0 for Apache with AuthShadow enabled uses shadow authentication for all locations that use the require group directive, even when other authentication mechanisms are specified, which might allow remote authenticated users to bypass security restrictions.
14970| [CVE-2005-2728] The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field.
14971| [CVE-2005-2660] apachetop 0.12.5 and earlier, when running in debug mode, allows local users to create or append to arbitrary files via a symlink attack on atop.debug.
14972| [CVE-2005-2088] The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
14973| [CVE-2005-1754] ** DISPUTED ** JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to read arbitrary files via a full pathname in the argument to the Download parameter. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
14974| [CVE-2005-1753] ** DISPUTED ** ReadMessage.jsp in JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to view other users' e-mail attachments via a direct request to /mailboxesdir/username@domainname. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
14975| [CVE-2005-1344] Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
14976| [CVE-2005-1268] Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte.
14977| [CVE-2005-1266] Apache SpamAssassin 3.0.1, 3.0.2, and 3.0.3 allows remote attackers to cause a denial of service (CPU consumption and slowdown) via a message with a long Content-Type header without any boundaries.
14978| [CVE-2005-0808] Apache Tomcat before 5.x allows remote attackers to cause a denial of service (application crash) via a crafted AJP12 packet to TCP port 8007.
14979| [CVE-2005-0182] The mod_dosevasive module 1.9 and earlier for Apache creates temporary files with predictable filenames, which could allow remote attackers to overwrite arbitrary files via a symlink attack.
14980| [CVE-2005-0108] Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote malicious RADIUS servers to cause a denial of service (crash) via a RADIUS_REPLY_MESSAGE with a RADIUS attribute length of 1, which leads to a memcpy operation with a -1 length argument.
14981| [CVE-2004-2734] webadmin-apache.conf in Novell Web Manager of Novell NetWare 6.5 uses an uppercase Alias tag with an inconsistent lowercase directory tag for a volume, which allows remote attackers to bypass access control to the WEB-INF folder.
14982| [CVE-2004-2680] mod_python (libapache2-mod-python) 3.1.4 and earlier does not properly handle when output filters process more than 16384 bytes, which can cause filter.read to return portions of previously freed memory.
14983| [CVE-2004-2650] Spooler in Apache Foundation James 2.2.0 allows local users to cause a denial of service (memory consumption) by triggering various error conditions in the retrieve function, which prevents a lock from being released and causes a memory leak.
14984| [CVE-2004-2343] ** DISPUTED ** Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess file restrictions, as specified in httpd.conf with directives such as Deny From All, by using an ErrorDocument directive. NOTE: the vendor has disputed this issue, since the .htaccess mechanism is only intended to restrict external web access, and a local user already has the privileges to perform the same operations without using ErrorDocument.
14985| [CVE-2004-2336] Unknown vulnerability in Novell GroupWise and GroupWise WebAccess 6.0 through 6.5, when running with Apache Web Server 1.3 for NetWare where Apache is loaded using GWAPACHE.CONF, allows remote attackers to read directories and files on the server.
14986| [CVE-2004-2115] Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTTP Server 1.3.22, based on Apache, allow remote attackers to execute arbitrary script as other users via the (1) action, (2) username, or (3) password parameters in an isqlplus request.
14987| [CVE-2004-1834] mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, including authentication information, on the hard disk, which could allow local users to gain sensitive information.
14988| [CVE-2004-1765] Off-by-one buffer overflow in ModSecurity (mod_security) 1.7.4 for Apache 2.x, when SecFilterScanPost is enabled, allows remote attackers to execute arbitrary code via crafted POST requests.
14989| [CVE-2004-1545] UploadFile.php in MoniWiki 1.0.9.2 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.hwp, which allows remote attackers to upload and execute arbitrary code.
14990| [CVE-2004-1438] The mod_authz_svn Apache module for Subversion 1.0.4-r1 and earlier allows remote authenticated users, with write access to the repository, to read unauthorized parts of the repository via the svn copy command.
14991| [CVE-2004-1405] MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
14992| [CVE-2004-1404] Attachment Mod 2.3.10 module for phpBB, when used with Apache mod_mime, does not properly handle files with multiple file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
14993| [CVE-2004-1387] The check_forensic script in apache-utils package 1.3.31 allows local users to overwrite or create arbitrary files via a symlink attack on temporary files.
14994| [CVE-2004-1084] Apache for Apple Mac OS X 10.2.8 and 10.3.6 allows remote attackers to read files and resource fork content via HTTP requests to certain special file names related to multiple data streams in HFS+, which bypass Apache file handles.
14995| [CVE-2004-1083] Apache for Apple Mac OS X 10.2.8 and 10.3.6 restricts access to files in a case sensitive manner, but the Apple HFS+ filesystem accesses files in a case insensitive manner, which allows remote attackers to read .DS_Store files and files beginning with ".ht" using alternate capitalization.
14996| [CVE-2004-1082] mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.
14997| [CVE-2004-0942] Apache webserver 2.0.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request with a MIME header containing multiple lines with a large number of space characters.
14998| [CVE-2004-0940] Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error.
14999| [CVE-2004-0885] The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration.
15000| [CVE-2004-0811] Unknown vulnerability in Apache 2.0.51 prevents "the merging of the Satisfy directive," which could allow attackers to obtain access to restricted resources contrary to the specified authentication configuration.
15001| [CVE-2004-0809] The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.
| [CVE-2004-0786] The IPv6 URI parsing routines in the apr-util library for Apache 2.0.50 and earlier allow remote attackers to cause a denial of service (child process crash) via a certain URI, as demonstrated using the Codenomicon HTTP Test Tool.
| [CVE-2004-0751] The char_buffer_read function in the mod_ssl module for Apache 2.x, when using reverse proxying to an SSL server, allows remote attackers to cause a denial of service (segmentation fault).
| [CVE-2004-0748] mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (CPU consumption) by aborting an SSL connection in a way that causes an Apache child process to enter an infinite loop.
| [CVE-2004-0747] Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the overflow during expansion of environment variables.
| [CVE-2004-0700] Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by the ssl_log function.
| [CVE-2004-0646] Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 web server connectors, such as (1) mod_jrun and (2) mod_jrun20 for Apache, with verbose logging enabled, allows remote attackers to execute arbitrary code via a long HTTP header Content-Type field or other fields.
| [CVE-2004-0529] The modified suexec program in cPanel, when configured for mod_php and compiled for Apache 1.3.31 and earlier without mod_phpsuexec, allows local users to execute untrusted shared scripts and gain privileges, as demonstrated using untainted scripts such as (1) proftpdvhosts or (2) addalink.cgi, a different vulnerability than CVE-2004-0490.
| [CVE-2004-0493] The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters.
| [CVE-2004-0492] Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied.
| [CVE-2004-0490] cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec option, does not set the --enable-discard-path option, which causes php to use the SCRIPT_FILENAME variable to find and execute a script instead of the PATH_TRANSLATED variable, which allows local users to execute arbitrary PHP code as other users via a URL that references the attacker's script after the user's script, which executes the attacker's script with the user's privileges, a different vulnerability than CVE-2004-0529.
| [CVE-2004-0488] Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN.
| [CVE-2004-0263] PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global variables between virtual hosts that are handled by the same Apache child process but have different settings, which could allow remote attackers to obtain sensitive information.
| [CVE-2004-0174] Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to cause a denial of service (blocked new connections) via a "short-lived connection on a rarely-accessed listening socket."
| [CVE-2004-0173] Directory traversal vulnerability in Apache 1.3.29 and earlier, and Apache 2.0.48 and earlier, when running on Cygwin, allows remote attackers to read arbitrary files via a URL containing "..%5C" (dot dot encoded backslash) sequences.
| [CVE-2004-0113] Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server.
| [CVE-2004-0009] Apache-SSL 1.3.28+1.52 and earlier, with SSLVerifyClient set to 1 or 3 and SSLFakeBasicAuth enabled, allows remote attackers to forge a client certificate by using basic authentication with the "one-line DN" of the target user.
| [CVE-2003-1581] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
| [CVE-2003-1580] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
| [CVE-2003-1573] The PointBase 4.6 database component in the J2EE 1.4 reference implementation (J2EE/RI) allows remote attackers to execute arbitrary programs, conduct a denial of service, and obtain sensitive information via a crafted SQL statement, related to "inadequate security settings and library bugs in sun.* and org.apache.* packages."
| [CVE-2003-1521] Sun Java Plug-In 1.4 through 1.4.2_02 allows remote attackers to repeatedly access the floppy drive via the createXmlDocument method in the org.apache.crimson.tree.XmlDocument class, which violates the Java security model.
| [CVE-2003-1516] The org.apache.xalan.processor.XSLProcessorVersion class in Java Plug-in 1.4.2_01 allows signed and unsigned applets to share variables, which violates the Java security model and could allow remote attackers to read or write data belonging to a signed applet.
| [CVE-2003-1502] mod_throttle 3.0 allows local users with Apache privileges to access shared memory that points to a file that is writable by the apache user, which could allow local users to gain privileges.
| [CVE-2003-1418] Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via (1) the ETag header, which reveals the inode number, or (2) multipart MIME boundary, which reveals child proccess IDs (PID).
| [CVE-2003-1307] ** DISPUTED ** The mod_php module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then intercepting incoming connections on the server's TCP port. NOTE: the PHP developer has disputed this vulnerability, saying "The opened file descriptors are opened by Apache. It is the job of Apache to protect them ... Not a bug in PHP."
| [CVE-2003-1172] Directory traversal vulnerability in the view-source sample file in Apache Software Foundation Cocoon 2.1 and 2.2 allows remote attackers to access arbitrary files via a .. (dot dot) in the filename parameter.
| [CVE-2003-1171] Heap-based buffer overflow in the sec_filter_out function in mod_security 1.7RC1 through 1.7.1 in Apache 2 allows remote attackers to execute arbitrary code via a server side script that sends a large amount of data.
| [CVE-2003-1138] The default configuration of Apache 2.0.40, as shipped with Red Hat Linux 9.0, allows remote attackers to list directory contents, even if auto indexing is turned off and there is a default web page configured, via a GET request containing a double slash (//).
| [CVE-2003-1054] mod_access_referer 1.0.2 allows remote attackers to cause a denial of service (crash) via a malformed Referer header that is missing a hostname, as parsed by the ap_parse_uri_components function in Apache, which triggers a null dereference.
| [CVE-2003-0993] mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit platforms, does not properly parse Allow/Deny rules using IP addresses without a netmask, which could allow remote attackers to bypass intended access restrictions.
| [CVE-2003-0987] mod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using a AuthNonce secret.
| [CVE-2003-0866] The Catalina org.apache.catalina.connector.http package in Tomcat 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service via several requests that do not follow the HTTP protocol, which causes Tomcat to reject later requests.
| [CVE-2003-0844] mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode without the Apache log, allows local users to overwrite arbitrary files via (1) a symlink attack on predictable temporary filenames on Unix systems, or (2) an NTFS hard link on Windows systems when the "Strengthen default permissions of internal system objects" policy is not enabled.
| [CVE-2003-0843] Format string vulnerability in mod_gzip_printf for mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode and using the Apache log, allows remote attackers to execute arbitrary code via format string characters in an HTTP GET request with an "Accept-Encoding: gzip" header.
| [CVE-2003-0789] mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not properly handle CGI redirect paths, which could cause Apache to send the output of a CGI program to the wrong client.
| [CVE-2003-0771] Gallery.pm in Apache::Gallery (aka A::G) uses predictable temporary filenames when running Inline::C, which allows local users to execute arbitrary code by creating and modifying the files before Apache::Gallery does.
| [CVE-2003-0658] Docview before 1.1-18 in Caldera OpenLinux 3.1.1, SCO Linux 4.0, OpenServer 5.0.7, configures the Apache web server in a way that allows remote attackers to read arbitrary publicly readable files via a certain URL, possibly related to rewrite rules.
| [CVE-2003-0542] Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures.
| [CVE-2003-0460] The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 systems, does not properly ignore certain control characters that are received over the pipe, which could allow remote attackers to cause a denial of service.
| [CVE-2003-0254] Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers to cause a denial of service (CPU consumption by infinite loop) when the FTP proxy server fails to create an IPv6 socket.
| [CVE-2003-0253] The prefork MPM in Apache 2 before 2.0.47 does not properly handle certain errors from accept, which could lead to a denial of service.
| [CVE-2003-0249] ** DISPUTED ** PHP treats unknown methods such as "PoSt" as a GET request, which could allow attackers to intended access restrictions if PHP is running on a server that passes on all methods, such as Apache httpd 2.0, as demonstrated using a Limit directive. NOTE: this issue has been disputed by the Apache security team, saying "It is by design that PHP allows scripts to process any request method. A script which does not explicitly verify the request method will hence be processed as normal for arbitrary methods. It is therefore expected behaviour that one cannot implement per-method access control using the Apache configuration alone, which is the assumption made in this report."
| [CVE-2003-0245] Vulnerability in the apr_psprintf function in the Apache Portable Runtime (APR) library for Apache 2.0.37 through 2.0.45 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long strings, as demonstrated using XML objects to mod_dav, and possibly other vectors.
| [CVE-2003-0192] Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one," which could cause Apache to use the weak ciphersuite.
| [CVE-2003-0189] The authentication module for Apache 2.0.40 through 2.0.45 on Unix does not properly handle threads safely when using the crypt_r or crypt functions, which allows remote attackers to cause a denial of service (failed Basic authentication with valid usernames and passwords) when a threaded MPM is used.
| [CVE-2003-0134] Unknown vulnerability in filestat.c for Apache running on OS2, versions 2.0 through 2.0.45, allows unknown attackers to cause a denial of service via requests related to device names.
| [CVE-2003-0132] A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to cause a denial of service (memory consumption) via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed.
| [CVE-2003-0083] Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerability than CVE-2003-0020.
| [CVE-2003-0020] Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.
| [CVE-2003-0017] Apache 2.0 before 2.0.44 on Windows platforms allows remote attackers to obtain certain files via an HTTP request that ends in certain illegal characters such as ">", which causes a different filename to be processed and served.
| [CVE-2003-0016] Apache before 2.0.44, when running on unpatched Windows 9x and Me operating systems, allows remote attackers to cause a denial of service or execute arbitrary code via an HTTP request containing MS-DOS device names.
| [CVE-2002-2310] ClickCartPro 4.0 stores the admin_user.db data file under the web document root with insufficient access control on servers other than Apache, which allows remote attackers to obtain usernames and passwords.
| [CVE-2002-2309] php.exe in PHP 3.0 through 4.2.2, when running on Apache, does not terminate properly, which allows remote attackers to cause a denial of service via a direct request without arguments.
| [CVE-2002-2272] Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 through 1.3.27, allows remote attackers to cause a denial of service (desynchronized communications) via an HTTP GET request with a Transfer-Encoding chunked field with invalid values.
| [CVE-2002-2103] Apache before 1.3.24, when writing to the log file, records a spoofed hostname from the reverse lookup of an IP address, even when a double-reverse lookup fails, which allows remote attackers to hide the original source of activities.
| [CVE-2002-2029] PHP, when installed on Windows with Apache and ScriptAlias for /php/ set to c:/php/, allows remote attackers to read arbitrary files and possibly execute arbitrary programs via an HTTP request for php.exe with a filename in the query string.
| [CVE-2002-2012] Unknown vulnerability in Apache 1.3.19 running on HP Secure OS for Linux 1.0 allows remote attackers to cause "unexpected results" via an HTTP request.
| [CVE-2002-2009] Apache Tomcat 4.0.1 allows remote attackers to obtain the web root path via HTTP requests for JSP files preceded by (1) +/, (2) >/, (3) </, and (4) %20/, which leaks the pathname in an error message.
| [CVE-2002-2008] Apache Tomcat 4.0.3 for Windows allows remote attackers to obtain the web root path via an HTTP request for a resource that does not exist, such as lpt9, which leaks the information in an error message.
| [CVE-2002-2007] The default installations of Apache Tomcat 3.2.3 and 3.2.4 allows remote attackers to obtain sensitive system information such as directory listings and web root path, via erroneous HTTP requests for Java Server Pages (JSP) in the (1) test/jsp, (2) samples/jsp and (3) examples/jsp directories, or the (4) test/realPath.jsp servlet, which leaks pathnames in error messages.
| [CVE-2002-2006] The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets.
| [CVE-2002-1895] The servlet engine in Jakarta Apache Tomcat 3.3 and 4.0.4, when using IIS and the ajp1.3 connector, allows remote attackers to cause a denial of service (crash) via a large number of HTTP GET requests for an MS-DOS device such as AUX, LPT1, CON, or PRN.
| [CVE-2002-1850] mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attackers to cause a denial of service (hang and memory consumption) by causing a CGI script to send a large amount of data to stderr, which results in a read/write deadlock between httpd and the CGI script.
| [CVE-2002-1793] HTTP Server mod_ssl module running on HP-UX 11.04 with Virtualvault OS (VVOS) 4.5 through 4.6 closes the connection when the Apache server times out during an SSL request, which may allow attackers to cause a denial of service.
| [CVE-2002-1658] Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow attackers to execute arbitrary code via a long user argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
| [CVE-2002-1635] The Apache configuration file (httpd.conf) in Oracle 9i Application Server (9iAS) uses a Location alias for /perl directory instead of a ScriptAlias, which allows remote attackers to read the source code of arbitrary CGI files via a URL containing the /perl directory instead of /cgi-bin.
| [CVE-2002-1593] mod_dav in Apache before 2.0.42 does not properly handle versioning hooks, which may allow remote attackers to kill a child process via a null dereference and cause a denial of service (CPU consumption) in a preforked multi-processing module.
| [CVE-2002-1592] The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI application encounters an error, sends error messages to the client that include the full path for the server, which allows remote attackers to obtain sensitive information.
| [CVE-2002-1567] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows remote attackers to execute arbitrary web script and steal cookies via a URL with encoded newlines followed by a request to a .jsp file whose name contains the script.
| [CVE-2002-1394] Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148.
| [CVE-2002-1233] A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on temporary files when the administrator runs (1) htpasswd or (2) htdigest, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2001-0131.
| [CVE-2002-1157] Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a self-referencing URL, a different vulnerability than CAN-2002-0840.
| [CVE-2002-1156] Apache 2.0.42 allows remote attackers to view the source code of a CGI script via a POST request to a directory with both WebDAV and CGI enabled.
| [CVE-2002-1148] The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet.
| [CVE-2002-0935] Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta, allows remote attackers to cause a denial of service (resource exhaustion) via a large number of requests to the server with null characters, which causes the working threads to hang.
| [CVE-2002-0843] Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response.
| [CVE-2002-0840] Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.
| [CVE-2002-0839] The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allowed, by modifying the parent[].pid and parent[].last_rtime segments in the scoreboard.
| [CVE-2002-0682] Cross-site scripting vulnerability in Apache Tomcat 4.0.3 allows remote attackers to execute script as other web users via script in a URL with the /servlet/ mapping, which does not filter the script when an exception is thrown by the servlet.
| [CVE-2002-0661] Directory traversal vulnerability in Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to read arbitrary files and execute commands via .. (dot dot) sequences containing \ (backslash) characters.
| [CVE-2002-0658] OSSP mm library (libmm) before 1.2.0 allows the local Apache user to gain privileges via temporary files, possibly via a symbolic link attack.
| [CVE-2002-0654] Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to determine the full pathname of the server via (1) a request for a .var file, which leaks the pathname in the resulting error message, or (2) via an error message that occurs when a script (child process) cannot be invoked.
| [CVE-2002-0653] Off-by-one buffer overflow in the ssl_compat_directive function, as called by the rewrite_command hook for mod_ssl Apache module 2.8.9 and earlier, allows local users to execute arbitrary code as the Apache server user via .htaccess files with long entries.
| [CVE-2002-0513] The PHP administration script in popper_mod 1.2.1 and earlier relies on Apache .htaccess authentication, which allows remote attackers to gain privileges if the script is not appropriately configured by the administrator.
| [CVE-2002-0493] Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions.
| [CVE-2002-0392] Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size.
| [CVE-2002-0259] InstantServers MiniPortal 1.1.5 and earlier stores sensitive login and account data in plaintext in (1) .pwd files in the miniportal/apache directory, or (2) mplog.txt, which could allow local users to gain privileges.
| [CVE-2002-0249] PHP for Windows, when installed on Apache 2.0.28 beta as a standalone CGI module, allows remote attackers to obtain the physical path of the php.exe via a request with malformed arguments such as /123, which leaks the pathname in the error message.
| [CVE-2002-0240] PHP, when installed with Apache and configured to search for index.php as a default web page, allows remote attackers to obtain the full pathname of the server via the HTTP OPTIONS method, which reveals the pathname in the resulting error message.
| [CVE-2002-0082] The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session.
| [CVE-2002-0061] Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows remote attackers to execute arbitrary commands via shell metacharacters (a | pipe character) provided as arguments to batch (.bat) or .cmd scripts, which are sent unfiltered to the shell interpreter, typically cmd.exe.
| [CVE-2001-1556] The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep.
| [CVE-2001-1534] mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication.
| [CVE-2001-1510] Allaire JRun 2.3.3, 3.0 and 3.1 running on IIS 4.0 and 5.0, iPlanet, Apache, JRun web server (JWS), and possibly other web servers allows remote attackers to read arbitrary files and directories by appending (1) "%3f.jsp", (2) "?.jsp" or (3) "?" to the requested URL.
| [CVE-2001-1449] The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories.
| [CVE-2001-1385] The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts.
| [CVE-2001-1342] Apache before 1.3.20 on Windows and OS/2 systems allows remote attackers to cause a denial of service (GPF) via an HTTP request for a URI that contains a large number of / (slash) or other characters, which causes certain functions to dereference a null pointer.
| [CVE-2001-1217] Directory traversal vulnerability in PL/SQL Apache module in Oracle Oracle 9i Application Server allows remote attackers to access sensitive information via a double encoded URL with .. (dot dot) sequences.
| [CVE-2001-1216] Buffer overflow in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to execute arbitrary code via a long request for a help page.
| [CVE-2001-1072] Apache with mod_rewrite enabled on most UNIX systems allows remote attackers to bypass RewriteRules by inserting extra / (slash) characters into the requested path, which causes the regular expression in the RewriteRule to fail.
| [CVE-2001-1013] Apache on Red Hat Linux with with the UserDir directive enabled generates different error codes when a username exists and there is no public_html directory and when the username does not exist, which could allow remote attackers to determine valid usernames on the server.
| [CVE-2001-0925] The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters, which causes the path to be mishandled by (1) mod_negotiation, (2) mod_dir, or (3) mod_autoindex.
| [CVE-2001-0829] A cross-site scripting vulnerability in Apache Tomcat 3.2.1 allows a malicious webmaster to embed Javascript in a request for a .JSP file, which causes the Javascript to be inserted into an error message.
| [CVE-2001-0766] Apache on MacOS X Client 10.0.3 with the HFS+ file system allows remote attackers to bypass access restrictions via a URL that contains some characters whose case is not matched by Apache's filters.
| [CVE-2001-0731] Apache 1.3.20 with Multiviews enabled allows remote attackers to view directory contents and bypass the index page via a URL containing the "M=D" query string.
| [CVE-2001-0730] split-logfile in Apache 1.3.20 allows remote attackers to overwrite arbitrary files that end in the .log extension via an HTTP request with a / (slash) in the Host: header.
| [CVE-2001-0729] Apache 1.3.20 on Windows servers allows remote attackers to bypass the default index page and list directory contents via a URL with a large number of / (slash) characters.
| [CVE-2001-0590] Apache Software Foundation Tomcat Servlet prior to 3.2.2 allows a remote attacker to read the source code to arbitrary 'jsp' files via a malformed URL request which does not end with an HTTP protocol specification (i.e. HTTP/1.0).
| [CVE-2001-0131] htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack.
| [CVE-2001-0108] PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested.
| [CVE-2001-0042] PHP 3.x (PHP3) on Apache 1.3.6 allows remote attackers to read arbitrary files via a modified .. (dot dot) attack containing "%5c" (encoded backslash) sequences.
| [CVE-2000-1247] The default configuration of the jserv-status handler in jserv.conf in Apache JServ 1.1.2 includes an "allow from 127.0.0.1" line, which allows local users to discover JDBC passwords or other sensitive information via a direct request to the jserv/ URI.
| [CVE-2000-1210] Directory traversal vulnerability in source.jsp of Apache Tomcat before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the argument to source.jsp.
| [CVE-2000-1206] Vulnerability in Apache httpd before 1.3.11, when configured for mass virtual hosting using mod_rewrite, or mod_vhost_alias in Apache 1.3.9, allows remote attackers to retrieve arbitrary files.
| [CVE-2000-1205] Cross site scripting vulnerabilities in Apache 1.3.0 through 1.3.11 allow remote attackers to execute script as other web site visitors via (1) the printenv CGI (printenv.pl), which does not encode its output, (2) pages generated by the ap_send_error_response function such as a default 404, which does not add an explicit charset, or (3) various messages that are generated by certain Apache modules or core code. NOTE: the printenv issue might still exist for web browsers that can render text/plain content types as HTML, such as Internet Explorer, but CVE regards this as a design limitation of those browsers, not Apache. The printenv.pl/acuparam vector, discloser on 20070724, is one such variant.
| [CVE-2000-1204] Vulnerability in the mod_vhost_alias virtual hosting module for Apache 1.3.9, 1.3.11 and 1.3.12 allows remote attackers to obtain the source code for CGI programs if the cgi-bin directory is under the document root.
| [CVE-2000-1168] IBM HTTP Server 1.3.6 (based on Apache) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request.
| [CVE-2000-1016] The default configuration of Apache (httpd.conf) on SuSE 6.4 includes an alias for the /usr/doc directory, which allows remote attackers to read package documentation and obtain system configuration information via an HTTP request for the /doc/packages URL.
| [CVE-2000-0913] mod_rewrite in Apache 1.3.12 and earlier allows remote attackers to read arbitrary files if a RewriteRule directive is expanded to include a filename whose name contains a regular expression.
| [CVE-2000-0883] The default configuration of mod_perl for Apache as installed on Mandrake Linux 6.1 through 7.1 sets the /perl/ directory to be browseable, which allows remote attackers to list the contents of that directory.
| [CVE-2000-0869] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 enables WebDAV, which allows remote attackers to list arbitrary diretories via the PROPFIND HTTP request method.
| [CVE-2000-0868] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows remote attackers to read source code for CGI scripts by replacing the /cgi-bin/ in the requested URL with /cgi-bin-sdb/.
| [CVE-2000-0791] Trustix installs the httpsd program for Apache-SSL with world-writeable permissions, which allows local users to replace it with a Trojan horse.
| [CVE-2000-0760] The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension.
| [CVE-2000-0759] Jakarta Tomcat 3.1 under Apache reveals physical path information when a remote attacker requests a URL that does not exist, which generates an error message that includes the physical path.
| [CVE-2000-0628] The source.asp example script in the Apache ASP module Apache::ASP 1.93 and earlier allows remote attackers to modify files.
| [CVE-2000-0505] The Apache 1.3.x HTTP server for Windows platforms allows remote attackers to list directory contents by requesting a URL containing a large number of / characters.
15128| [CVE-1999-1412] A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service (crash) via a flood of HTTP GET requests to CGI programs, which generates a large number of processes.
15129| [CVE-1999-1293] mod_proxy in Apache 1.2.5 and earlier allows remote attackers to cause a denial of service via malformed FTP commands, which causes Apache to dump core.
15130| [CVE-1999-1237] Multiple buffer overflows in smbvalid/smbval SMB authentication library, as used in Apache::AuthenSmb and possibly other modules, allows remote attackers to execute arbitrary commands via (1) a long username, (2) a long password, and (3) other unspecified methods.
15131| [CVE-1999-1199] Apache WWW server 1.3.1 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via a large number of MIME headers with the same name, aka the "sioux" vulnerability.
15132| [CVE-1999-1053] guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->".
15133| [CVE-1999-0926] Apache allows remote attackers to conduct a denial of service via a large number of MIME headers.
15134| [CVE-1999-0678] A default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server.
15135| [CVE-1999-0448] IIS 4.0 and Apache log HTTP request methods, regardless of how long they are, allowing a remote attacker to hide the URL they really request.
15136| [CVE-1999-0289] The Apache web server for Win32 may provide access to restricted files when a . (dot) is appended to a requested URL.
15137| [CVE-1999-0236] ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs.
15138| [CVE-1999-0107] Buffer overflow in Apache 1.2.5 and earlier allows a remote attacker to cause a denial of service with a large number of GET requests containing a large number of / characters.
15139| [CVE-1999-0071] Apache httpd cookie buffer overflow for versions 1.1.1 and earlier.
15140|
15141| SecurityFocus - https://www.securityfocus.com/bid/:
15142| [104554] Apache HBase CVE-2018-8025 Security Bypass Vulnerability
15143| [104465] Apache Geode CVE-2017-15695 Remote Code Execution Vulnerability
15144| [104418] Apache Storm CVE-2018-8008 Arbitrary File Write Vulnerability
15145| [104399] Apache Storm CVE-2018-1332 User Impersonation Vulnerability
15146| [104348] Apache UIMA CVE-2017-15691 XML External Entity Injection Vulnerability
15147| [104313] Apache NiFi XML External Entity Injection and Denial of Service Vulnerability
15148| [104259] Apache Geode CVE-2017-12622 Authorization Bypass Vulnerability
15149| [104257] Apache Sling XSS Protection API CVE-2017-15717 Cross Site Scripting Vulnerability
15150| [104253] Apache ZooKeeper CVE-2018-8012 Security Bypass Vulnerability
15151| [104252] Apache Batik CVE-2018-8013 Information Disclosure Vulnerability
15152| [104239] Apache Solr CVE-2018-8010 XML External Entity Multiple Information Disclosure Vulnerabilities
15153| [104215] Apache ORC CVE-2018-8015 Denial of Service Vulnerability
15154| [104203] Apache Tomcat CVE-2018-8014 Security Bypass Vulnerability
15155| [104161] Apache Ambari CVE-2018-8003 Directory Traversal Vulnerability
15156| [104140] Apache Derby CVE-2018-1313 Security Bypass Vulnerability
15157| [104135] Apache Tika CVE-2018-1338 Denial of Service Vulnerability
15158| [104008] Apache Fineract CVE-2018-1291 SQL Injection Vulnerability
15159| [104007] Apache Fineract CVE-2018-1292 SQL Injection Vulnerability
15160| [104005] Apache Fineract CVE-2018-1289 SQL Injection Vulnerability
15161| [104001] Apache Tika CVE-2018-1335 Remote Command Injection Vulnerability
15162| [103975] Apache Fineract CVE-2018-1290 SQL Injection Vulnerability
15163| [103974] Apache Solr CVE-2018-1308 XML External Entity Injection Vulnerability
15164| [103772] Apache Traffic Server CVE-2017-7671 Denial of Service Vulnerability
15165| [103770] Apache Traffic Server CVE-2017-5660 Security Bypass Vulnerability
15166| [103751] Apache Hive CVE-2018-1282 SQL Injection Vulnerability
15167| [103750] Apache Hive CVE-2018-1284 Security Bypass Vulnerability
15168| [103692] Apache Ignite CVE-2018-1295 Arbitrary Code Execution Vulnerability
15169| [103528] Apache HTTP Server CVE-2018-1302 Denial of Service Vulnerability
15170| [103525] Apache HTTP Server CVE-2017-15715 Remote Security Bypass Vulnerability
15171| [103524] Apache HTTP Server CVE-2018-1312 Remote Security Bypass Vulnerability
15172| [103522] Apache HTTP Server CVE-2018-1303 Denial of Service Vulnerability
15173| [103520] Apache HTTP Server CVE-2018-1283 Remote Security Vulnerability
15174| [103516] Apache Struts CVE-2018-1327 Denial of Service Vulnerability
15175| [103515] Apache HTTP Server CVE-2018-1301 Denial of Service Vulnerability
15176| [103512] Apache HTTP Server CVE-2017-15710 Denial of Service Vulnerability
15177| [103508] Apache Syncope CVE-2018-1321 Multiple Remote Code Execution Vulnerabilities
15178| [103507] Apache Syncope CVE-2018-1322 Multiple Information Disclosure Vulnerabilities
15179| [103490] Apache Commons Compress CVE-2018-1324 Multiple Denial Of Service Vulnerabilities
15180| [103434] APACHE Allura CVE-2018-1319 HTTP Response Splitting Vulnerability
15181| [103389] Apache Tomcat JK Connector CVE-2018-1323 Directory Traversal Vulnerability
15182| [103222] Apache CloudStack CVE-2013-4317 Information Disclosure Vulnerability
15183| [103219] Apache Xerces-C CVE-2017-12627 Null Pointer Dereference Denial of Service Vulnerability
15184| [103206] Apache Geode CVE-2017-15693 Remote Code Execution Vulnerability
15185| [103205] Apache Geode CVE-2017-15692 Remote Code Execution Vulnerability
15186| [103170] Apache Tomcat CVE-2018-1304 Security Bypass Vulnerability
15187| [103144] Apache Tomcat CVE-2018-1305 Security Bypass Vulnerability
15188| [103102] Apache Oozie CVE-2017-15712 Information Disclosure Vulnerability
15189| [103098] Apache Karaf CVE-2016-8750 LDAP Injection Vulnerability
15190| [103069] Apache Tomcat CVE-2017-15706 Remote Security Weakness
15191| [103068] Apache JMeter CVE-2018-1287 Security Bypass Vulnerability
15192| [103067] Apache Qpid Dispatch Router 'router_core/connections.c' Denial of Service Vulnerability
15193| [103036] Apache CouchDB CVE-2017-12636 Remote Code Execution Vulnerability
15194| [103025] Apache Thrift CVE-2016-5397 Remote Command Injection Vulnerability
15195| [102879] Apache POI CVE-2017-12626 Multiple Denial of Service Vulnerabilities
15196| [102842] Apache NiFi CVE-2017-12632 Host Header Injection Vulnerability
15197| [102815] Apache NiFi CVE-2017-15697 Multiple Cross Site Scripting Vulnerabilities
15198| [102488] Apache Geode CVE-2017-9795 Remote Code Execution Vulnerability
15199| [102229] Apache Sling CVE-2017-15700 Information Disclosure Vulnerability
15200| [102226] Apache Drill CVE-2017-12630 Cross Site Scripting Vulnerability
15201| [102154] Multiple Apache Products CVE-2017-15708 Remote Code Execution Vulnerability
15202| [102127] Apache CXF Fediz CVE-2017-12631 Multiple Cross Site Request Forgery Vulnerabilities
15203| [102041] Apache Qpid Broker-J CVE-2017-15701 Denial of Service Vulnerability
15204| [102040] Apache Qpid Broker CVE-2017-15702 Security Weakness
15205| [102021] Apache Struts CVE-2017-15707 Denial of Service Vulnerability
15206| [101980] EMC RSA Authentication Agent for Web: Apache Web Server Authentication Bypass Vulnerability
15207| [101876] Apache Camel CVE-2017-12634 Deserialization Remote Code Execution Vulnerability
15208| [101874] Apache Camel CVE-2017-12633 Deserialization Remote Code Execution Vulnerability
15209| [101872] Apache Karaf CVE-2014-0219 Local Denial of Service Vulnerability
15210| [101868] Apache CouchDB CVE-2017-12635 Remote Privilege Escalation Vulnerability
15211| [101859] Apache CXF CVE-2017-12624 Denial of Service Vulnerability
15212| [101844] Apache Sling Servlets Post CVE-2017-11296 Cross Site Scripting Vulnerability
15213| [101686] Apache Hive CVE-2017-12625 Information Disclosure Vulnerability
15214| [101644] Apache Wicket CVE-2012-5636 Cross Site Scripting Vulnerability
15215| [101631] Apache Traffic Server CVE-2015-3249 Multiple Remote Code Execution Vulnerabilities
15216| [101630] Apache Traffic Server CVE-2014-3624 Access Bypass Vulnerability
15217| [101625] Apache jUDDI CVE-2009-1197 Security Bypass Vulnerability
15218| [101623] Apache jUDDI CVE-2009-1198 Cross Site Scripting Vulnerability
15219| [101620] Apache Subversion 'libsvn_fs_fs/fs_fs.c' Denial of Service Vulnerability
15220| [101585] Apache OpenOffice Multiple Remote Code Execution Vulnerabilities
15221| [101577] Apache Wicket CVE-2016-6806 Cross Site Request Forgery Vulnerability
15222| [101575] Apache Wicket CVE-2014-0043 Information Disclosure Vulnerability
15223| [101570] Apache Geode CVE-2017-9797 Information Disclosure Vulnerability
15224| [101562] Apache Derby CVE-2010-2232 Arbitrary File Overwrite Vulnerability
15225| [101560] Apache Portable Runtime Utility CVE-2017-12613 Multiple Information Disclosure Vulnerabilities
15226| [101558] Apache Portable Runtime Utility Local Out-of-Bounds Read Denial of Service Vulnerability
15227| [101532] Apache James CVE-2017-12628 Arbitrary Command Execution Vulnerability
15228| [101516] Apache HTTP Server CVE-2017-12171 Security Bypass Vulnerability
15229| [101261] Apache Solr/Lucene CVE-2017-12629 Information Disclosure and Remote Code Execution Vulnerabilities
15230| [101230] Apache Roller CVE-2014-0030 XML External Entity Injection Vulnerability
15231| [101173] Apache IMPALA CVE-2017-9792 Information Disclosure Vulnerability
15232| [101052] Apache Commons Jelly CVE-2017-12621 Security Bypass Vulnerability
15233| [101027] Apache Mesos CVE-2017-7687 Denial of Service Vulnerability
15234| [101023] Apache Mesos CVE-2017-9790 Denial of Service Vulnerability
15235| [100954] Apache Tomcat CVE-2017-12617 Incomplete Fix Remote Code Execution Vulnerability
15236| [100946] Apache Wicket CVE-2014-7808 Cross Site Request Forgery Vulnerability
15237| [100901] Apache Tomcat CVE-2017-12615 Remote Code Execution Vulnerability
15238| [100897] Apache Tomcat CVE-2017-12616 Information Disclosure Vulnerability
15239| [100880] Apache Directory LDAP API CVE-2015-3250 Unspecified Information Disclosure Vulnerability
15240| [100872] Apache HTTP Server CVE-2017-9798 Information Disclosure Vulnerability
15241| [100870] Apache Solr CVE-2017-9803 Remote Privilege Escalation Vulnerability
15242| [100859] puppetlabs-apache CVE-2017-2299 Information Disclosure Vulnerability
15243| [100829] Apache Struts CVE-2017-12611 Remote Code Execution Vulnerability
15244| [100823] Apache Spark CVE-2017-12612 Deserialization Remote Code Execution Vulnerability
15245| [100612] Apache Struts CVE-2017-9804 Incomplete Fix Denial of Service Vulnerability
15246| [100611] Apache Struts CVE-2017-9793 Denial of Service Vulnerability
15247| [100609] Apache Struts CVE-2017-9805 Remote Code Execution Vulnerability
15248| [100587] Apache Atlas CVE-2017-3155 Cross Frame Scripting Vulnerability
15249| [100581] Apache Atlas CVE-2017-3154 Information Disclosure Vulnerability
15250| [100578] Apache Atlas CVE-2017-3153 Cross Site Scripting Vulnerability
15251| [100577] Apache Atlas CVE-2017-3152 Cross Site Scripting Vulnerability
15252| [100547] Apache Atlas CVE-2017-3151 HTML Injection Vulnerability
15253| [100536] Apache Atlas CVE-2017-3150 Cross Site Scripting Vulnerability
15254| [100449] Apache Pony Mail CVE-2016-4460 Authentication Bypass Vulnerability
15255| [100447] Apache2Triad Multiple Security Vulnerabilities
15256| [100284] Apache Sling Servlets Post CVE-2017-9802 Cross Site Scripting Vulnerability
15257| [100280] Apache Tomcat CVE-2017-7674 Security Bypass Vulnerability
15258| [100259] Apache Subversion CVE-2017-9800 Remote Command Execution Vulnerability
15259| [100256] Apache Tomcat CVE-2017-7675 Directory Traversal Vulnerability
15260| [100235] Apache Storm CVE-2017-9799 Remote Code Execution Vulnerability
15261| [100082] Apache Commons Email CVE-2017-9801 SMTP Header Injection Vulnerability
15262| [99873] Apache Sling XSS Protection API CVE-2016-6798 XML External Entity Injection Vulnerability
15263| [99870] Apache Sling API CVE-2016-5394 Cross Site Scripting Vulnerability
15264| [99603] Apache Spark CVE-2017-7678 Cross Site Scripting Vulnerability
15265| [99592] Apache OpenMeetings CVE-2017-7685 Security Bypass Vulnerability
15266| [99587] Apache OpenMeetings CVE-2017-7673 Security Bypass Vulnerability
15267| [99586] Apache OpenMeetings CVE-2017-7688 Security Bypass Vulnerability
15268| [99584] Apache OpenMeetings CVE-2017-7684 Denial of Service Vulnerability
15269| [99577] Apache OpenMeetings CVE-2017-7663 Cross Site Scripting Vulnerability
15270| [99576] Apache OpenMeetings CVE-2017-7664 XML External Entity Injection Vulnerability
15271| [99569] Apache HTTP Server CVE-2017-9788 Memory Corruption Vulnerability
15272| [99568] Apache HTTP Server CVE-2017-9789 Denial of Service Vulnerability
15273| [99563] Apache Struts CVE-2017-7672 Denial of Service Vulnerability
15274| [99562] Apache Struts Spring AOP Functionality Denial of Service Vulnerability
15275| [99509] Apache Impala CVE-2017-5652 Information Disclosure Vulnerability
15276| [99508] Apache IMPALA CVE-2017-5640 Authentication Bypass Vulnerability
15277| [99486] Apache Traffic Control CVE-2017-7670 Denial of Service Vulnerability
15278| [99485] Apache Solr CVE-2017-7660 Security Bypass Vulnerability
15279| [99484] Apache Struts CVE-2017-9791 Remote Code Execution Vulnerability
15280| [99292] Apache Ignite CVE-2017-7686 Information Disclosure Vulnerability
15281| [99170] Apache HTTP Server CVE-2017-7679 Buffer Overflow Vulnerability
15282| [99137] Apache HTTP Server CVE-2017-7668 Denial of Service Vulnerability
15283| [99135] Apache HTTP Server CVE-2017-3167 Authentication Bypass Vulnerability
15284| [99134] Apache HTTP Server CVE-2017-3169 Denial of Service Vulnerability
15285| [99132] Apache HTTP Server CVE-2017-7659 Denial of Service Vulnerability
15286| [99112] Apache Thrift CVE-2015-3254 Denial of Service Vulnerability
15287| [99067] Apache Ranger CVE-2016-8751 HTML Injection Vulnerability
15288| [99018] Apache NiFi CVE-2017-7667 Cross Frame Scripting Vulnerability
15289| [99009] Apache NiFi CVE-2017-7665 Cross Site Scripting Vulnerability
15290| [98961] Apache Ranger CVE-2017-7677 Security Bypass Vulnerability
15291| [98958] Apache Ranger CVE-2017-7676 Security Bypass Vulnerability
15292| [98888] Apache Tomcat CVE-2017-5664 Security Bypass Vulnerability
15293| [98814] Apache Zookeeper CVE-2017-5637 Denial of Service Vulnerability
15294| [98795] Apache Hadoop CVE-2017-7669 Remote Privilege Escalation Vulnerability
15295| [98739] Apache Knox CVE-2017-5646 User Impersonation Vulnerability
15296| [98669] Apache Hive CVE-2016-3083 Security Bypass Vulnerability
15297| [98646] Apache Atlas CVE-2016-8752 Information Disclosure Vulnerability
15298| [98570] Apache Archiva CVE-2017-5657 Multiple Cross-Site Request Forgery Vulnerabilities
15299| [98489] Apache CXF Fediz CVE-2017-7661 Multiple Cross Site Request Forgery Vulnerabilities
15300| [98485] Apache CXF Fediz CVE-2017-7662 Cross Site Request Forgery Vulnerability
15301| [98466] Apache Ambari CVE-2017-5655 Insecure Temporary File Handling Vulnerability
15302| [98365] Apache Cordova For Android CVE-2016-6799 Information Disclosure Vulnerability
15303| [98025] Apache Hadoop CVE-2017-3161 Cross Site Scripting Vulnerability
15304| [98017] Apache Hadoop CVE-2017-3162 Input Validation Vulnerability
15305| [97971] Apache CXF CVE-2017-5656 Information Disclosure Vulnerability
15306| [97968] Apache CXF CVE-2017-5653 Spoofing Vulnerability
15307| [97967] Apache ActiveMQ CVE-2015-7559 Denial of Service Vulnerability
15308| [97949] Apache Traffic Server CVE-2017-5659 Denial of Service Vulnerability
15309| [97948] Apache Batik CVE-2017-5662 XML External Entity Information Disclosure Vulnerability
15310| [97947] Apache FOP CVE-2017-5661 XML External Entity Information Disclosure Vulnerability
15311| [97945] Apache Traffic Server CVE-2016-5396 Denial of Service Vulnerability
15312| [97702] Apache Log4j CVE-2017-5645 Remote Code Execution Vulnerability
15313| [97582] Apache CXF CVE-2016-6812 Cross Site Scripting Vulnerability
15314| [97579] Apache CXF JAX-RS CVE-2016-8739 XML External Entity Injection Vulnerability
15315| [97544] Apache Tomcat CVE-2017-5651 Information Disclosure Vulnerability
15316| [97531] Apache Tomcat CVE-2017-5650 Denial of Service Vulnerability
15317| [97530] Apache Tomcat CVE-2017-5648 Information Disclosure Vulnerability
15318| [97509] Apache Ignite CVE-2016-6805 Information Disclosure and XML External Entity Injection Vulnerabilities
15319| [97383] Apache Flex BlazeDS CVE-2017-5641 Remote Code Execution Vulnerability
15320| [97378] Apache Geode CVE-2017-5649 Information Disclosure Vulnerability
15321| [97229] Apache Ambari CVE-2016-4976 Local Information Disclosure Vulnerability
15322| [97226] Apache Camel CVE-2017-5643 Server Side Request Forgery Security Bypass Vulnerability
15323| [97184] Apache Ambari CVE-2016-6807 Remote Command Execution Vulnerability
15324| [97179] Apache Camel CVE-2016-8749 Java Deserialization Multiple Remote Code Execution Vulnerabilities
15325| [96983] Apache POI CVE-2017-5644 Denial Of Service Vulnerability
15326| [96895] Apache Tomcat CVE-2016-8747 Information Disclosure Vulnerability
15327| [96731] Apache NiFi CVE-2017-5636 Remote Code Injection Vulnerability
15328| [96730] Apache NiFi CVE-2017-5635 Security Bypass Vulnerability
15329| [96729] Apache Struts CVE-2017-5638 Remote Code Execution Vulnerability
15330| [96540] IBM Development Package for Apache Spark CVE-2016-4970 Denial of Service Vulnerability
15331| [96398] Apache CXF CVE-2017-3156 Information Disclosure Vulnerability
15332| [96321] Apache Camel CVE-2017-3159 Remote Code Execution Vulnerability
15333| [96293] Apache Tomcat 'http11/AbstractInputBuffer.java' Denial of Service Vulnerability
15334| [96228] Apache Brooklyn Cross Site Request Forgery and Multiple Cross Site Scripting Vulnerabilities
15335| [95998] Apache Ranger CVE-2016-8746 Security Bypass Vulnerability
15336| [95929] Apache Groovy CVE-2016-6497 Information Disclosure Vulnerability
15337| [95838] Apache Cordova For Android CVE-2017-3160 Man in the Middle Security Bypass Vulnerability
15338| [95675] Apache Struts Remote Code Execution Vulnerability
15339| [95621] Apache NiFi CVE-2106-8748 Cross Site Scripting Vulnerability
15340| [95429] Apache Groovy CVE-2016-6814 Remote Code Execution Vulnerability
15341| [95335] Apache Hadoop CVE-2016-3086 Information Disclosure Vulnerability
15342| [95168] Apache Wicket CVE-2016-6793 Denial of Service Vulnerability
15343| [95136] Apache Qpid Broker for Java CVE-2016-8741 Remote Information Disclosure Vulnerability
15344| [95078] Apache HTTP Server CVE-2016-0736 Remote Security Vulnerability
15345| [95077] Apache HTTP Server CVE-2016-8743 Security Bypass Vulnerability
15346| [95076] Apache HTTP Server CVE-2016-2161 Denial of Service Vulnerability
15347| [95020] Apache Tika CVE-2015-3271 Remote Information Disclosure Vulnerability
15348| [94950] Apache Hadoop CVE-2016-5001 Local Information Disclosure Vulnerability
15349| [94882] Apache ActiveMQ CVE-2016-6810 HTML Injection Vulnerability
15350| [94828] Apache Tomcat CVE-2016-8745 Information Disclosure Vulnerability
15351| [94766] Apache CouchDB CVE-2016-8742 Local Privilege Escalation Vulnerability
15352| [94657] Apache Struts CVE-2016-8738 Denial of Service Vulnerability
15353| [94650] Apache HTTP Server CVE-2016-8740 Denial of Service Vulnerability
15354| [94588] Apache Subversion CVE-2016-8734 XML External Entity Denial of Service Vulnerability
15355| [94513] Apache Karaf CVE-2016-8648 Remote Code Execution Vulnerability
15356| [94463] Apache Tomcat CVE-2016-8735 Remote Code Execution Vulnerability
15357| [94462] Apache Tomcat CVE-2016-6817 Denial of Service Vulnerability
15358| [94461] Apache Tomcat CVE-2016-6816 Security Bypass Vulnerability
15359| [94418] Apache OpenOffice CVE-2016-6803 Local Privilege Escalation Vulnerability
15360| [94247] Apache Tika CVE-2016-6809 Remote Code Execution Vulnerability
15361| [94221] Apache Ranger CVE-2016-6815 Local Privilege Escalation Vulnerability
15362| [94145] Apache OpenMeetings CVE-2016-8736 Remote Code Execution Vulnerability
15363| [93945] Apache CloudStack CVE-2016-6813 Authorization Bypass Vulnerability
15364| [93944] Apache Tomcat Security Manager CVE-2016-6796 Security Bypass Vulnerability
15365| [93943] Apache Tomcat CVE-2016-6794 Security Bypass Vulnerability
15366| [93942] Apache Tomcat Security Manager CVE-2016-5018 Security Bypass Vulnerability
15367| [93940] Apache Tomcat CVE-2016-6797 Security Bypass Vulnerability
15368| [93939] Apache Tomcat CVE-2016-0762 Information Disclosure Vulnerability
15369| [93774] Apache OpenOffice CVE-2016-6804 DLL Loading Remote Code Execution Vulnerability
15370| [93773] Apache Struts CVE-2016-6795 Directory Traversal Vulnerability
15371| [93478] Apache Tomcat CVE-2016-6325 Local Privilege Escalation Vulnerability
15372| [93472] Apache Tomcat CVE-2016-5425 Insecure File Permissions Vulnerability
15373| [93429] Apache Tomcat JK Connector CVE-2016-6808 Remote Buffer Overflow Vulnerability
15374| [93263] Apache Tomcat CVE-2016-1240 Local Privilege Escalation Vulnerability
15375| [93236] Apache MyFaces Trinidad CVE-2016-5019 Remote Code Execution Vulnerability
15376| [93142] Apache ActiveMQ Artemis CVE-2016-4978 Remote Code Execution Vulnerability
15377| [93132] Apache Derby CVE-2015-1832 XML External Entity Information Disclosure Vulnerability
15378| [93044] Apache Zookeeper CVE-2016-5017 Buffer Overflow Vulnerability
15379| [92966] Apache Jackrabbit CVE-2016-6801 Cross-Site Request Forgery Vulnerability
15380| [92947] Apache Shiro CVE-2016-6802 Remote Security Bypass Vulnerability
15381| [92905] Apache CXF Fediz CVE-2016-4464 Security Bypass Vulnerability
15382| [92577] Apache Ranger CVE-2016-5395 HTML Injection Vulnerability
15383| [92331] Apache HTTP Server CVE-2016-1546 Remote Denial of Service Vulnerability
15384| [92328] Apache Hive CVE-2016-0760 Multiple Remote Code Execution Vulnerabilities
15385| [92320] Apache APR-util and httpd CVE-2016-6312 Denial of Service Vulnerability
15386| [92100] Apache POI CVE-2016-5000 XML External Entity Injection Vulnerability
15387| [92079] Apache OpenOffice CVE-2016-1513 Remote Code Execution Vulnerability
15388| [91818] Apache Tomcat CVE-2016-5388 Security Bypass Vulnerability
15389| [91816] Apache HTTP Server CVE-2016-5387 Security Bypass Vulnerability
15390| [91788] Apache Qpid Proton CVE-2016-4467 Certificate Verification Security Bypass Vulnerability
15391| [91738] Apache XML-RPC CVE-2016-5003 Remote Code Execution Vulnerability
15392| [91736] Apache XML-RPC Multiple Security Vulnerabilities
15393| [91707] Apache Archiva CVE-2016-5005 HTML Injection Vulnerability
15394| [91703] Apache Archiva CVE-2016-4469 Multiple Cross-Site Request Forgery Vulnerabilities
15395| [91566] Apache HTTP Server CVE-2016-4979 Authentication Bypass Vulnerability
15396| [91537] Apache QPID CVE-2016-4974 Deserialization Security Bypass Vulnerability
15397| [91501] Apache Xerces-C CVE-2016-4463 Stack Buffer Overflow Vulnerability
15398| [91453] Apache Commons FileUpload CVE-2016-3092 Denial Of Service Vulnerability
15399| [91284] Apache Struts CVE-2016-4431 Security Bypass Vulnerability
15400| [91282] Apache Struts CVE-2016-4433 Security Bypass Vulnerability
15401| [91281] Apache Struts CVE-2016-4430 Cross-Site Request Forgery Vulnerability
15402| [91280] Apache Struts CVE-2016-4436 Security Bypass Vulnerability
15403| [91278] Apache Struts CVE-2016-4465 Denial of Service Vulnerability
15404| [91277] Apache Struts Incomplete Fix Remote Code Execution Vulnerability
15405| [91275] Apache Struts CVE-2016-4438 Remote Code Execution Vulnerability
15406| [91217] Apache Continuum 'saveInstallation.action' Command Execution Vulnerability
15407| [91141] Apache CloudStack CVE-2016-3085 Authentication Bypass Vulnerability
15408| [91068] Apache Struts CVE-2016-1181 Remote Code Execution Vulnerability
15409| [91067] Apache Struts CVE-2016-1182 Security Bypass Vulnerability
15410| [91024] Apache Shiro CVE-2016-4437 Information Disclosure Vulnerability
15411| [90988] Apache Ranger CVE-2016-2174 SQL Injection Vulnerability
15412| [90961] Apache Struts CVE-2016-3093 Denial of Service Vulnerability
15413| [90960] Apache Struts CVE-2016-3087 Remote Code Execution Vulnerability
15414| [90921] Apache Qpid CVE-2016-4432 Authentication Bypass Vulnerability
15415| [90920] Apache Qpid CVE-2016-3094 Denial of Service Vulnerability
15416| [90902] Apache PDFBox CVE-2016-2175 XML External Entity Injection Vulnerability
15417| [90897] Apache Tika CVE-2016-4434 XML External Entity Injection Vulnerability
15418| [90827] Apache ActiveMQ CVE-2016-3088 Multiple Arbitrary File Upload Vulnerabilities
15419| [90755] Apache Ambari CVE-2016-0707 Multiple Local Information Disclosure Vulnerabilities
15420| [90482] Apache CVE-2004-1387 Local Security Vulnerability
15421| [89762] Apache CVE-2001-1556 Remote Security Vulnerability
15422| [89417] Apache Subversion CVE-2016-2167 Authentication Bypass Vulnerability
15423| [89326] RETIRED: Apache Subversion CVE-2016-2167 Security Bypass Vulnerability
15424| [89320] Apache Subversion CVE-2016-2168 Remote Denial of Service Vulnerability
15425| [88826] Apache Struts CVE-2016-3082 Remote Code Execution Vulnerability
15426| [88797] Apache Cordova For iOS CVE-2015-5208 Arbitrary Code Execution Vulnerability
15427| [88764] Apache Cordova iOS CVE-2015-5207 Multiple Security Bypass Vulnerabilities
15428| [88701] Apache CVE-2001-1449 Remote Security Vulnerability
15429| [88635] Apache CVE-2000-1204 Remote Security Vulnerability
15430| [88590] Apache WWW server CVE-1999-1199 Denial-Of-Service Vulnerability
15431| [88496] Apache CVE-2000-1206 Remote Security Vulnerability
15432| [87828] Apache CVE-1999-1237 Remote Security Vulnerability
15433| [87784] Apache CVE-1999-1293 Denial-Of-Service Vulnerability
15434| [87327] Apache Struts CVE-2016-3081 Remote Code Execution Vulnerability
15435| [86622] Apache Stats CVE-2007-0975 Remote Security Vulnerability
15436| [86399] Apache CVE-2007-1743 Local Security Vulnerability
15437| [86397] Apache CVE-2007-1742 Local Security Vulnerability
15438| [86311] Apache Struts CVE-2016-4003 Cross Site Scripting Vulnerability
15439| [86174] Apache Wicket CVE-2015-5347 Cross Site Scripting Vulnerability
15440| [85971] Apache OFBiz CVE-2016-2170 Java Deserialization Remote Code Execution Vulnerability
15441| [85967] Apache OFBiz CVE-2015-3268 HTML Injection Vulnerability
15442| [85759] Apache Jetspeed CVE-2016-2171 Unauthorized Access Vulnerability
15443| [85758] Apache Jetspeed CVE-2016-0712 Cross Site Scripting Vulnerability
15444| [85756] Apache Jetspeed CVE-2016-0710 Multiple SQL Injection Vulnerabilities
15445| [85755] Apache Jetspeed CVE-2016-0711 Multiple HTML Injection Vulnerabilities
15446| [85754] Apache Jetspeed CVE-2016-0709 Directory Traversal Vulnerability
15447| [85730] Apache Subversion CVE-2015-5343 Integer Overflow Vulnerability
15448| [85691] Apache Ranger CVE-2016-0735 Security Bypass Vulnerability
15449| [85578] Apache ActiveMQ CVE-2010-1244 Cross-Site Request Forgery Vulnerability
15450| [85554] Apache OpenMeetings CVE-2016-2164 Multiple Information Disclosure Vulnerabilities
15451| [85553] Apache OpenMeetings CVE-2016-0783 Information Disclosure Vulnerability
15452| [85552] Apache OpenMeetings CVE-2016-2163 HTML Injection Vulnerability
15453| [85550] Apache OpenMeetings CVE-2016-0784 Directory Traversal Vulnerability
15454| [85386] Apache Hadoop CVE-2015-7430 Local Privilege Escalation Vulnerability
15455| [85377] Apache Qpid Proton Python API CVE-2016-2166 Man in the Middle Security Bypass Vulnerability
15456| [85205] Apache Solr CVE-2015-8796 Cross Site Scripting Vulnerability
15457| [85203] Apache Solr CVE-2015-8795 Multiple HTML Injection Vulnerabilities
15458| [85163] Apache Geronimo CVE-2008-0732 Local Security Vulnerability
15459| [85131] Apache Struts 'TextParseUtil.translateVariables()' Method Remote Code Execution Vulnerability
15460| [85070] Apache Struts CVE-2016-2162 Cross Site Scripting Vulnerability
15461| [85066] Apache Struts CVE-2016-0785 Remote Code Execution Vulnerability
15462| [84422] Apache TomEE CVE-2016-0779 Unspecified Security Vulnerability
15463| [84321] Apache ActiveMQ CVE-2016-0734 Clickjacking Vulnerability
15464| [84316] Apache ActiveMQ CVE-2016-0782 Multiple Cross Site Scripting Vulnerabilities
15465| [83910] Apache Wicket CVE-2015-7520 Cross Site Scripting Vulnerability
15466| [83423] Apache Xerces-C CVE-2016-0729 Buffer Overflow Vulnerability
15467| [83330] Apache Tomcat CVE-2015-5351 Cross Site Request Forgery Vulnerability
15468| [83329] Apache Tomcat CVE-2015-5174 Directory Traversal Vulnerability
15469| [83328] Apache Tomcat CVE-2015-5345 Directory Traversal Vulnerability
15470| [83327] Apache Tomcat Security Manager CVE-2016-0714 Remote Code Execution Vulnerability
15471| [83326] Apache Tomcat CVE-2016-0763 Security Bypass Vulnerability
15472| [83324] Apache Tomcat Security Manager CVE-2016-0706 Information Disclosure Vulnerability
15473| [83323] Apache Tomcat CVE-2015-5346 Session Fixation Vulnerability
15474| [83259] Apache Hadoop CVE-2015-1776 Information Disclosure Vulnerability
15475| [83243] Apache Solr CVE-2015-8797 Cross Site Scripting Vulnerability
15476| [83119] Apache Sling CVE-2016-0956 Information Disclosure Vulnerability
15477| [83002] Apache CVE-2000-1205 Cross-Site Scripting Vulnerability
15478| [82871] Apache Ranger Authentication Bypass and Security Bypass Vulnerabilities
| [82800] Apache CloudStack CVE-2015-3251 Information Disclosure Vulnerability
| [82798] Apache CloudStack CVE-2015-3252 Authentication Bypass Vulnerability
| [82732] Apache Gallery CVE-2003-0771 Local Security Vulnerability
| [82676] Apache CVE-2003-1581 Cross-Site Scripting Vulnerability
| [82550] Apache Struts CVE-2015-5209 Security Bypass Vulnerability
| [82300] Apache Subversion CVE-2015-5259 Integer Overflow Vulnerability
| [82260] Apache Camel CVE-2015-5344 Remote Code Execution Vulnerability
| [82234] Apache Hive CVE-2015-7521 Security Bypass Vulnerability
| [82082] Apache CVE-1999-0289 Remote Security Vulnerability
| [81821] Apache Distribution for Solaris CVE-2007-2080 SQL-Injection Vulnerability
| [80696] Apache Camel CVE-2015-5348 Information Disclosure Vulnerability
| [80525] Apache CVE-2003-1580 Remote Security Vulnerability
| [80354] Drupal Apache Solr Search Module Access Bypass Vulnerability
| [80193] Apache CVE-1999-0107 Denial-Of-Service Vulnerability
| [79812] Apache Directory Studio CVE-2015-5349 Command Injection Vulnerability
| [79744] Apache HBase CVE-2015-1836 Unauthorized Access Vulnerability
| [79204] Apache TomEE 'EjbObjectInputStream' Remote Code Execution Vulnerability
| [77679] Apache Cordova For Android CVE-2015-8320 Weak Randomization Security Bypass Vulnerability
| [77677] Apache Cordova For Android CVE-2015-5256 Security Bypass Vulnerability
| [77591] Apache CXF SAML SSO Processing CVE-2015-5253 Security Bypass Vulnerability
| [77521] Apache Commons Collections 'InvokerTransformer.java' Remote Code Execution Vulnerability
| [77110] Apache HttpComponents HttpClient CVE-2015-5262 Denial of Service Vulnerability
| [77086] Apache Ambari CVE-2015-1775 Server Side Request Forgery Security Bypass Vulnerability
| [77085] Apache Ambari CVE-2015-3270 Remote Privilege Escalation Vulnerability
| [77082] Apache Ambari 'targetURI' Parameter Open Redirection Vulnerability
| [77059] Apache Ambari CVE-2015-3186 Cross Site Scripting Vulnerability
| [76933] Apache James Server Unspecified Command Execution Vulnerability
| [76832] Apache cordova-plugin-file-transfer CVE-2015-5204 HTTP Header Injection Vulnerability
| [76625] Apache Struts CVE-2015-5169 Cross Site Scripting Vulnerability
| [76624] Apache Struts CVE-2015-2992 Cross Site Scripting Vulnerability
| [76522] Apache Tapestry CVE-2014-1972 Security Bypass Vulnerability
| [76486] Apache CXF Fediz CVE-2015-5175 Denial of Service Vulnerability
| [76452] Apache ActiveMQ CVE-2015-1830 Directory Traversal Vulnerability
| [76446] Apache Subversion 'libsvn_fs_fs/tree.c' Denial of Service Vulnerability
| [76274] Apache Subversion CVE-2015-3184 Information Disclosure Vulnerability
| [76273] Apache Subversion CVE-2015-3187 Information Disclosure Vulnerability
| [76272] Apache ActiveMQ CVE-2014-3576 Denial of Service Vulnerability
| [76221] Apache Ranger CVE-2015-0266 Access Bypass Vulnerability
| [76208] Apache Ranger CVE-2015-0265 JavaScript Code Injection Vulnerability
| [76025] Apache ActiveMQ Artemis CVE-2015-3208 XML External Entity Information Disclosure Vulnerability
| [75965] Apache HTTP Server CVE-2015-3185 Security Bypass Vulnerability
| [75964] Apache HTTP Server CVE-2015-0253 Remote Denial of Service Vulnerability
| [75963] Apache HTTP Server CVE-2015-3183 Security Vulnerability
| [75940] Apache Struts CVE-2015-1831 Security Bypass Vulnerability
| [75919] Apache Groovy CVE-2015-3253 Remote Code Execution Vulnerability
| [75338] Apache Storm CVE-2015-3188 Remote Code Execution Vulnerability
| [75275] Drupal Apache Solr Real-Time Module Access Bypass Vulnerability
| [74866] Apache Cordova For Android CVE-2015-1835 Security Bypass Vulnerability
| [74839] Apache Sling API and Sling Servlets CVE-2015-2944 Cross Site Scripting Vulnerability
| [74761] Apache Jackrabbit CVE-2015-1833 XML External Entity Information Disclosure Vulnerability
| [74686] Apache Ambari '/var/lib/ambari-server/ambari-env.sh' Local Privilege Escalation Vulnerability
| [74665] Apache Tomcat CVE-2014-7810 Security Bypass Vulnerability
| [74475] Apache Tomcat CVE-2014-0230 Denial of Service Vulnerability
| [74423] Apache Struts CVE-2015-0899 Security Bypass Vulnerability
| [74338] Apache OpenOffice HWP Filter Memory Corruption Vulnerability
| [74265] Apache Tomcat 'mod_jk' CVE-2014-8111 Information Disclosure Vulnerability
| [74260] Apache Subversion CVE-2015-0248 Multiple Denial of Service Vulnerabilities
| [74259] Apache Subversion 'deadprops.c' Security Bypass Vulnerability
| [74204] PHP 'sapi/apache2handler/sapi_apache2.c' Remote Code Execution Vulnerability
| [74158] Apache HTTP Server 'protocol.c' Remote Denial of Service Vulnerability
| [73954] Apache Flex 'asdoc/templates/index.html' Cross Site Scripting Vulnerability
| [73851] Apache2 CVE-2012-0216 Cross-Site Scripting Vulnerability
| [73478] Apache Cassandra CVE-2015-0225 Remote Code Execution Vulnerability
| [73041] Apache HTTP Server 'mod_lua' Module Denial of Service Vulnerability
| [73040] Apache HTTP Server 'mod_lua.c' Local Access Bypass Vulnerability
| [72809] Apache Standard Taglibs CVE-2015-0254 XML External Entity Injection Vulnerability
| [72717] Apache Tomcat CVE-2014-0227 Chunk Request Remote Denial Of Service Vulnerability
| [72557] Apache WSS4J CVE-2015-0227 Security Bypass Vulnerability
| [72553] Apache WSS4J CVE-2015-0226 Information Disclosure Vulnerability
| [72513] Apache ActiveMQ CVE-2014-3612 LDAP Authentication Bypass Vulnerability
| [72511] Apache ActiveMQ CVE-2014-8110 Multiple Cross Site Scripting Vulnerabilities
| [72510] Apache ActiveMQ CVE-2014-3600 XML External Entity Injection Vulnerability
| [72508] Apache ActiveMQ Apollo CVE-2014-3579 XML External Entity Injection Vulnerability
| [72319] Apache Qpid CVE-2015-0223 Security Bypass Vulnerability
| [72317] Apache Qpid CVE-2015-0224 Incomplete Fix Multiple Denial of Service Vulnerabilities
| [72115] Apache Santuario 'XML Signature Verification' Security Bypass Vulnerability
| [72053] Apache HTTP Server 'mod_remoteip.c' IP Address Spoofing Vulnerability
| [72030] Apache Qpid CVE-2015-0203 Multiple Denial of Service Vulnerabilities
| [71879] Apache Traffic Server 'HttpTransact.cc' Denial of Service Vulnerability
| [71726] Apache Subversion CVE-2014-3580 Remote Denial of Service Vulnerability
| [71725] Apache Subversion CVE-2014-8108 Remote Denial of Service Vulnerability
| [71657] Apache HTTP Server 'mod_proxy_fcgi' Module Denial of Service Vulnerability
| [71656] Apache HTTP Server 'mod_cache' Module Denial of Service Vulnerability
| [71548] Apache Struts CVE-2014-7809 Security Bypass Vulnerability
| [71466] Apache Hadoop CVE-2014-3627 Information Disclosure Vulnerability
| [71353] Apache HTTP Server 'LuaAuthzProvider' Authorization Bypass Vulnerability
| [71004] Apache Qpid CVE-2014-3629 XML External Entity Injection Vulnerability
| [70970] Apache Traffic Server Cross Site Scripting Vulnerability
| [70738] Apache CXF CVE-2014-3584 Denial of Service Vulnerability
| [70736] Apache CXF SAML SubjectConfirmation Security Bypass Vulnerability
| [69728] Apache Tomcat CVE-2013-4444 Arbitrary File Upload Vulnerability
| [69648] Apache POI CVE-2014-3574 Denial Of Service Vulnerability
| [69647] Apache POI OpenXML parser CVE-2014-3529 XML External Entity Information Disclosure Vulnerability
| [69351] Apache OpenOffice Calc CVE-2014-3524 Command Injection Vulnerability
| [69295] Apache Axis Incomplete Fix CVE-2014-3596 SSL Certificate Validation Security Bypass Vulnerability
| [69286] Apache OFBiz CVE-2014-0232 Multiple Cross Site Scripting Vulnerabilities
| [69258] Apache HttpComponents Incomplete Fix CVE-2014-3577 SSL Validation Security Bypass Vulnerability
| [69257] Apache HttpComponents Incomplete Fix SSL Certificate Validation Security Bypass Vulnerability
| [69248] Apache HTTP Server CVE-2013-4352 Remote Denial of Service Vulnerability
| [69237] Apache Subversion CVE-2014-3522 SSL Certificate Validation Information Disclosure Vulnerability
| [69173] Apache Traffic Server CVE-2014-3525 Unspecified Security Vulnerability
| [69046] Apache Cordova For Android CVE-2014-3502 Information Disclosure Vulnerability
| [69041] Apache Cordova For Android CVE-2014-3501 Security Bypass Vulnerability
| [69038] Apache Cordova For Android CVE-2014-3500 Security Bypass Vulnerability
| [68995] Apache Subversion CVE-2014-3528 Insecure Authentication Weakness
| [68966] Apache Subversion 'irkerbridge.py' Local Privilege Escalation Vulnerability
| [68965] Apache Subversion 'svnwcsub.py' Local Privilege Escalation Vulnerability
| [68863] Apache HTTP Server 'mod_cache' Module Remote Denial of Service Vulnerability
| [68747] Apache HTTP Server CVE-2014-3523 Remote Denial of Service Vulnerability
| [68745] Apache HTTP Server CVE-2014-0118 Remote Denial of Service Vulnerability
| [68742] Apache HTTP Server CVE-2014-0231 Remote Denial of Service Vulnerability
| [68740] Apache HTTP Server CVE-2014-0117 Remote Denial of Service Vulnerability
| [68678] Apache HTTP Server 'mod_status' CVE-2014-0226 Remote Code Execution Vulnerability
| [68445] Apache CXF UsernameToken Information Disclosure Vulnerability
| [68441] Apache CXF SAML Tokens Validation Security Bypass Vulnerability
| [68431] Apache Syncope CVE-2014-3503 Insecure Password Generation Weakness
| [68229] Apache Harmony PRNG Entropy Weakness
| [68111] Apache 'mod_wsgi' Module Privilege Escalation Vulnerability
| [68072] Apache Tomcat CVE-2014-0186 Remote Denial of Service Vulnerability
| [68039] Apache Hive CVE-2014-0228 Security Bypass Vulnerability
| [67673] Apache Tomcat CVE-2014-0095 AJP Request Remote Denial Of Service Vulnerability
| [67671] Apache Tomcat CVE-2014-0075 Chunk Request Remote Denial Of Service Vulnerability
| [67669] Apache Tomcat CVE-2014-0119 XML External Entity Information Disclosure Vulnerability
| [67668] Apache Tomcat CVE-2014-0099 Request Processing Information Disclosure Vulnerability
| [67667] Apache Tomcat CVE-2014-0096 XML External Entity Information Disclosure Vulnerability
| [67534] Apache 'mod_wsgi' Module CVE-2014-0242 Information Disclosure Vulnerability
| [67532] Apache 'mod_wsgi' Module Local Privilege Escalation Vulnerability
| [67530] Apache Solr Search Template Cross Site Scripting Vulnerability
| [67236] Apache CXF CVE-2014-0109 Remote Denial of Service Vulnerability
| [67232] Apache CXF CVE-2014-0110 Denial of Service Vulnerability
| [67121] Apache Struts ClassLoader Manipulation CVE-2014-0114 Security Bypass Vulnerability
| [67081] Apache Struts 'getClass()' Method Security Bypass Vulnerability
| [67064] Apache Struts ClassLoader Manipulation Incomplete Fix Security Bypass Vulnerability
| [67013] Apache Zookeeper CVE-2014-0085 Local Information Disclosure Vulnerability
| [66998] Apache Archiva CVE-2013-2187 Unspecified Cross Site Scripting Vulnerability
| [66991] Apache Archiva CVE-2013-2187 HTML Injection Vulnerability
| [66927] Apache Syncope CVE-2014-0111 Remote Code Execution Vulnerability
| [66474] Apache CouchDB Universally Unique IDentifier (UUID) Remote Denial of Service Vulnerability
| [66397] Apache Xalan-Java Library CVE-2014-0107 Security Bypass Vulnerability
| [66303] Apache HTTP Server Multiple Denial of Service Vulnerabilities
| [66041] RETIRED: Apache Struts CVE-2014-0094 Classloader Manipulation Security Bypass Vulnerability
| [65999] Apache Struts ClassLoader Manipulation CVE-2014-0094 Security Bypass Vulnerability
| [65967] Apache Cordova File-Transfer Unspecified Security Vulnerability
| [65959] Apache Cordova InAppBrowser Remote Privilege Escalation Vulnerability
| [65935] Apache Shiro 'login.jsp' Authentication Bypass Vulnerability
| [65902] Apache Camel CVE-2014-0003 Remote Code Execution Vulnerability
| [65901] Apache Camel CVE-2014-0002 XML External Entity Information Disclosure Vulnerability
| [65773] Apache Tomcat CVE-2013-4286 Security Bypass Vulnerability
| [65769] Apache Tomcat CVE-2014-0033 Session Fixation Vulnerability
| [65768] Apache Tomcat CVE-2013-4590 XML External Entity Information Disclosure Vulnerability
| [65767] Apache Tomcat CVE-2013-4322 Incomplete Fix Denial of Service Vulnerability
| [65615] Apache ActiveMQ 'refresh' Parameter Cross Site Scripting Vulnerability
| [65434] Apache Subversion 'mod_dav_svn' Module SVNListParentPath Denial of Service Vulnerability
| [65431] Apache Wicket CVE-2013-2055 Information Disclosure Vulnerability
| [65400] Apache Commons FileUpload CVE-2014-0050 Denial Of Service Vulnerability
| [64782] Apache CloudStack Virtual Router Component Security Bypass Vulnerability
| [64780] Apache CloudStack Unauthorized Access Vulnerability
| [64617] Apache Libcloud Digital Ocean API Local Information Disclosure Vulnerability
| [64437] Apache Santuario XML Security For JAVA XML Signature Denial of Service Vulnerability
| [64427] Apache Solr Multiple XML External Entity Injection Vulnerabilities
| [64009] Apache Solr CVE-2013-6408 XML External Entity Injection Vulnerability
| [64008] Apache Solr CVE-2013-6407 XML External Entity Injection Vulnerability
| [63981] Apache Subversion 'mod_dav_svn' Module Denial of Service Vulnerability
| [63966] Apache Subversion CVE-2013-4505 Security Bypass Vulnerability
| [63963] Apache Roller CVE-2013-4171 Cross Site Scripting Vulnerability
| [63935] Apache Solr 'SolrResourceLoader' Directory Traversal Vulnerability
| [63928] Apache Roller CVE-2013-4212 OGNL Expression Injection Remote Code Execution Vulnerability
| [63515] Apache Tomcat Manager Component CVE-2013-6357 Cross Site Request Forgery Vulnerability
| [63403] Apache Struts Multiple Cross Site Scripting Vulnerabilities
| [63400] Apache 'mod_pagespeed' Module Unspecified Cross Site Scripting Vulnerability
| [63260] Apache Shindig CVE-2013-4295 XML External Entity Information Disclosure Vulnerability
| [63241] Apache Sling 'AbstractAuthenticationFormServlet' Open Redirection Vulnerability
| [63174] Apache Commons FileUpload 'DiskFileItem' Class Null Byte Arbitrary File Write Vulnerability
| [62939] Apache 'mod_fcgid' Module CVE-2013-4365 Heap Buffer Overflow Vulnerability
| [62903] Apache Sling 'deepGetOrCreateNode()' Function Denial Of Service Vulnerability
| [62706] Apache Camel CVE-2013-4330 Information Disclosure Vulnerability
| [62677] Apache 'mod_accounting' Module CVE-2013-5697 SQL Injection Vulnerability
| [62674] TYPO3 Apache Solr Unspecified Cross Site Scripting and PHP Code Execution Vulnerabilities
| [62587] Apache Struts CVE-2013-4316 Remote Code Execution Vulnerability
| [62584] Apache Struts CVE-2013-4310 Security Bypass Vulnerability
| [62266] Apache Subversion CVE-2013-4277 Insecure Temporary File Creation Vulnerability
| [61984] Apache Hadoop RPC Authentication CVE-2013-2192 Man in the Middle Security Bypass Vulnerability
| [61981] Apache HBase RPC Authentication Man In The Middle Security Bypass Vulnerability
| [61638] Apache CloudStack CVE-2013-2136 Multiple Cross Site Scripting Vulnerabilities
| [61454] Apache Subversion CVE-2013-4131 Denial Of Service Vulnerability
| [61379] Apache HTTP Server CVE-2013-2249 Unspecified Remote Security Vulnerability
| [61370] Apache OFBiz CVE-2013-2317 'View Log' Cross Site Scripting Vulnerability
| [61369] Apache OFBiz Nested Expression Remote Code Execution Vulnerability
| [61196] Apache Struts CVE-2013-2248 Multiple Open Redirection Vulnerabilities
| [61189] Apache Struts CVE-2013-2251 Multiple Remote Command Execution Vulnerabilities
| [61129] Apache HTTP Server CVE-2013-1896 Remote Denial of Service Vulnerability
| [61030] Apache CXF CVE-2013-2160 Multiple Remote Denial of Service Vulnerabilities
| [60875] Apache Geronimo RMI Classloader Security Bypass Vulnerability
| [60846] Apache Santuario XML Security for JAVA XML Signature CVE-2013-2172 Security Bypass Vulnerability
| [60817] Apache Santuario XML Security for C++ CVE-2013-2210 Heap Buffer Overflow Vulnerability
| [60800] Apache Qpid Python Client SSL Certificate Verification Information Disclosure Vulnerability
| [60599] Apache Santuario XML Security for C++ CVE-2013-2156 Remote Heap Buffer Overflow Vulnerability
| [60595] Apache Santuario XML Security for C++ XML Signature CVE-2013-2155 Denial of Service Vulnerability
| [60594] Apache Santuario XML Security for C++ CVE-2013-2154 Stack Buffer Overflow Vulnerability
| [60592] Apache Santuario XML Security for C++ XML Signature CVE-2013-2153 Security Bypass Vulnerability
| [60534] Apache OpenJPA Object Deserialization Arbitrary File Creation or Overwrite Vulnerability
| [60346] Apache Struts CVE-2013-2134 OGNL Expression Injection Vulnerability
| [60345] Apache Struts CVE-2013-2135 OGNL Expression Injection Vulnerability
| [60267] Apache Subversion CVE-2013-1968 Remote Denial of Service Vulnerability
| [60265] Apache Subversion CVE-2013-2088 Command Injection Vulnerability
| [60264] Apache Subversion CVE-2013-2112 Remote Denial of Service Vulnerability
| [60187] Apache Tomcat DIGEST Authentication CVE-2013-2051 Incomplete Fix Security Weakness
| [60186] Apache Tomcat CVE-2013-1976 Insecure Temporary File Handling Vulnerability
| [60167] Apache Struts 'includeParams' CVE-2013-2115 Incomplete Fix Security Bypass Vulnerability
| [60166] Apache Struts 'includeParams' CVE-2013-1966 Security Bypass Vulnerability
| [60082] Apache Struts 'ParameterInterceptor' Class OGNL CVE-2013-1965 Security Bypass Vulnerability
| [59826] Apache HTTP Server Terminal Escape Sequence in Logs Command Injection Vulnerability
| [59799] Apache Tomcat CVE-2013-2067 Session Fixation Vulnerability
| [59798] Apache Tomcat CVE-2013-2071 Information Disclosure Vulnerability
| [59797] Apache Tomcat CVE-2012-3544 Denial of Service Vulnerability
| [59670] Apache VCL Multiple Input Validation Vulnerabilities
| [59464] Apache CloudStack CVE-2013-2758 Hash Information Disclosure Vulnerability
| [59463] Apache CloudStack CVE-2013-2756 Authentication Bypass Vulnerability
| [59402] Apache ActiveMQ CVE-2013-3060 Information Disclosure and Denial of Service Vulnerability
| [59401] Apache ActiveMQ CVE-2012-6551 Denial of Service Vulnerability
| [59400] Apache ActiveMQ CVE-2012-6092 Multiple Cross Site Scripting Vulnerabilities
| [58898] Apache Subversion CVE-2013-1884 Remote Denial of Service Vulnerability
| [58897] Apache Subversion 'mod_dav_svn/lock.c' Remote Denial of Service Vulnerability
| [58895] Apache Subversion 'mod_dav_svn' Remote Denial of Service Vulnerability
| [58455] Apache Rave User RPC API CVE-2013-1814 Information Disclosure Vulnerability
| [58379] Apache Qpid CVE-2012-4446 Authentication Bypass Vulnerability
| [58378] Apache Qpid CVE-2012-4460 Denial of Service Vulnerability
| [58376] Apache Qpid CVE-2012-4458 Denial of Service Vulnerability
| [58337] Apache Qpid CVE-2012-4459 Denial of Service Vulnerability
| [58326] Apache Commons FileUpload CVE-2013-0248 Insecure Temporary File Creation Vulnerability
| [58325] Debian Apache HTTP Server CVE-2013-1048 Symlink Attack Local Privilege Escalation Vulnerability
| [58323] Apache Subversion 'svn_fs_file_length()' Remote Denial of Service Vulnerability
| [58165] Apache HTTP Server Multiple Cross Site Scripting Vulnerabilities
| [58136] Apache Maven CVE-2013-0253 SSL Certificate Validation Security Bypass Vulnerability
| [58124] Apache Tomcat 'log/logdir' Directory Insecure File Permissions Vulnerability
| [58073] Apache Commons HttpClient CVE-2012-5783 SSL Certificate Validation Security Bypass Vulnerability
| [57876] Apache CXF WS-SecurityPolicy Authentication Bypass Vulnerability
| [57874] Apache CXF CVE-2012-5633 Security Bypass Vulnerability
| [57463] Apache OFBiz CVE-2013-0177 Multiple Cross Site Scripting Vulnerabilities
| [57425] Apache CXF CVE-2012-5786 SSL Certificate Validation Security Bypass Vulnerability
| [57321] Apache CouchDB CVE-2012-5650 Cross Site Scripting Vulnerability
| [57314] Apache CouchDB CVE-2012-5649 Remote Code Execution Vulnerability
| [57267] Apache Axis2/C SSL Certificate Validation Security Bypass Vulnerability
| [57259] Apache CloudStack CVE-2012-5616 Local Information Disclosure Vulnerability
| [56814] Apache Tomcat CVE-2012-4431 Cross-Site Request Forgery Vulnerability
| [56813] Apache Tomcat CVE-2012-4534 Denial of Service Vulnerability
| [56812] Apache Tomcat CVE-2012-3546 Security Bypass Vulnerability
| [56753] Apache Apache HTTP Server 'mod_proxy_ajp Module Denial Of Service Vulnerability
| [56686] Apache Tomcat CVE-2012-5568 Denial of Service Vulnerability
| [56408] Apache Axis and Axis2/Java SSL Certificate Validation Security Bypass Vulnerability
| [56403] Apache Tomcat DIGEST Authentication Multiple Security Weaknesses
| [56402] Apache Tomcat CVE-2012-2733 Denial of Service Vulnerability
| [56171] Apache OFBiz CVE-2012-3506 Unspecified Security Vulnerability
| [55876] Apache CloudStack CVE-2012-4501 Security Bypass Vulnerability
| [55628] Apache CXF SOAP Action Spoofing Security Bypass Vulnerability
| [55608] Apache Qpid (qpidd) Denial of Service Vulnerability
| [55536] Apache 'mod_pagespeed' Module Cross Site Scripting and Security Bypass Vulnerabilities
| [55508] Apache Axis2 XML Signature Wrapping Security Vulnerability
| [55445] Apache Wicket CVE-2012-3373 Cross Site Scripting Vulnerability
| [55346] Apache Struts Cross Site Request Forgery and Denial of Service Vulnerabilities
| [55290] Drupal Apache Solr Autocomplete Module Cross Site Scripting Vulnerability
| [55165] Apache Struts2 Skill Name Remote Code Execution Vulnerability
| [55154] Apache 'mod-rpaf' Module Denial of Service Vulnerability
| [55131] Apache HTTP Server HTML-Injection And Information Disclosure Vulnerabilities
| [54954] Apache QPID NullAuthenticator Authentication Bypass Vulnerability
| [54798] Apache Libcloud Man In The Middle Vulnerability
| [54358] Apache Hadoop CVE-2012-3376 Information Disclosure Vulnerability
| [54341] Apache Sling CVE-2012-2138 Denial Of Service Vulnerability
| [54268] Apache Hadoop Symlink Attack Local Privilege Escalation Vulnerability
| [54189] Apache Roller Cross Site Request Forgery Vulnerability
| [54187] Apache Roller CVE-2012-2381 Cross Site Scripting Vulnerability
| [53880] Apache CXF Child Policies Security Bypass Vulnerability
| [53877] Apache CXF Elements Validation Security Bypass Vulnerability
| [53676] Apache Commons Compress and Apache Ant CVE-2012-2098 Denial Of Service Vulnerability
| [53487] Apache POI CVE-2012-0213 Denial Of Service Vulnerability
| [53455] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability
| [53305] Apache Qpid CVE-2011-3620 Unauthorized Access Security Bypass Vulnerability
| [53046] Apache HTTP Server 'LD_LIBRARY_PATH' Insecure Library Loading Arbitrary Code Execution Vulnerability
| [53025] Apache OFBiz Unspecified Remote Code Execution Vulnerability
| [53023] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
| [52939] Apache Hadoop CVE-2012-1574 Unspecified User Impersonation Vulnerability
| [52702] Apache Struts2 'XSLTResult.java' Remote Arbitrary File Upload Vulnerability
| [52696] Apache Traffic Server HTTP Host Header Handling Heap Based Buffer Overflow Vulnerability
| [52680] Apache Wicket 'pageMapName' Parameter Cross Site Scripting Vulnerability
| [52679] Apache Wicket Hidden Files Information Disclosure Vulnerability
| [52565] Apache 'mod_fcgid' Module Denial Of Service Vulnerability
| [52146] TYPO3 Apache Solr Extension Unspecified Cross Site Scripting Vulnerability
| [51939] Apache MyFaces 'ln' Parameter Information Disclosure Vulnerability
| [51917] Apache APR Hash Collision Denial Of Service Vulnerability
| [51902] Apache Struts Multiple HTML Injection Vulnerabilities
| [51900] Apache Struts CVE-2012-1007 Multiple Cross Site Scripting Vulnerabilities
| [51886] Apache CXF UsernameToken Policy Validation Security Bypass Vulnerability
| [51869] Apache HTTP Server CVE-2011-3639 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
| [51706] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
| [51705] Apache HTTP Server CVE-2012-0021 mod_log_config Denial Of Service Vulnerability
| [51628] Apache Struts 'ParameterInterceptor' Class OGNL (CVE-2011-3923) Security Bypass Vulnerability
| [51447] Apache Tomcat Parameter Handling Denial of Service Vulnerability
| [51442] Apache Tomcat Request Object Security Bypass Vulnerability
| [51407] Apache HTTP Server Scoreboard Local Security Bypass Vulnerability
| [51257] Apache Struts Remote Command Execution and Arbitrary File Overwrite Vulnerabilities
| [51238] Apache Geronimo Hash Collision Denial Of Service Vulnerability
| [51200] Apache Tomcat Hash Collision Denial Of Service Vulnerability
| [50940] Apache Struts Session Tampering Security Bypass Vulnerability
| [50912] RETIRED: Apache MyFaces CVE-2011-4343 Information Disclosure Vulnerability
| [50904] Apache ActiveMQ Failover Mechanism Remote Denial Of Service Vulnerability
| [50848] Apache MyFaces EL Expression Evaluation Security Bypass Vulnerability
| [50802] Apache HTTP Server 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
| [50639] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
| [50603] Apache Tomcat Manager Application Security Bypass Vulnerability
| [50494] Apache HTTP Server 'ap_pregsub()' Function Local Privilege Escalation Vulnerability
| [49957] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
| [49762] Apache Tomcat HTTP DIGEST Authentication Multiple Security Weaknesses
| [49728] Apache Struts Conversion Error OGNL Expression Evaluation Vulnerability
| [49616] Apache HTTP Server CVE-2011-3348 Denial Of Service Vulnerability
| [49470] Apache Tomcat CVE-2007-6286 Duplicate Request Processing Security Vulnerability
| [49353] Apache Tomcat AJP Protocol Security Bypass Vulnerability
| [49303] Apache HTTP Server CVE-2011-3192 Denial Of Service Vulnerability
| [49290] Apache Wicket Cross Site Scripting Vulnerability
| [49147] Apache Tomcat CVE-2011-2481 Information Disclosure Vulnerability
| [49143] Apache Commons Daemon 'jsvc' Information Disclosure Vulnerability
| [48667] Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability
| [48653] Apache 'mod_authnz_external' Module SQL Injection Vulnerability
| [48611] Apache XML Security for C++ Signature Key Parsing Denial of Service Vulnerability
| [48456] Apache Tomcat 'MemoryUserDatabase' Information Disclosure Vulnerability
| [48015] Apache Archiva Multiple Cross Site Request Forgery Vulnerabilities
| [48011] Apache Archiva Multiple Cross Site Scripting and HTML Injection Vulnerabilities
| [47929] Apache APR 'apr_fnmatch.c' Denial of Service Vulnerability
| [47890] Apache Struts 'javatemplates' Plugin Multiple Cross Site Scripting Vulnerabilities
| [47886] Apache Tomcat SecurityConstraints Security Bypass Vulnerability
| [47820] Apache APR 'apr_fnmatch()' Denial of Service Vulnerability
| [47784] Apache Struts XWork 's:submit' HTML Tag Cross Site Scripting Vulnerability
| [47199] Apache Tomcat HTTP BIO Connector Information Disclosure Vulnerability
| [47196] Apache Tomcat Login Constraints Security Bypass Vulnerability
| [46974] Apache HttpComponents 'HttpClient' Information Disclosure Vulnerability
| [46953] Apache MPM-ITK Module Security Weakness
| [46734] Subversion 'mod_dav_svn' Apache Server NULL Pointer Dereference Denial Of Service Vulnerability
| [46685] Apache Tomcat '@ServletSecurity' Annotations Security Bypass Vulnerability
| [46311] Apache Continuum and Archiva Cross Site Scripting Vulnerability
| [46177] Apache Tomcat SecurityManager Security Bypass Vulnerability
| [46174] Apache Tomcat HTML Manager Interface HTML Injection Vulnerability
| [46166] Apache Tomcat JVM Denial of Service Vulnerability
| [46164] Apache Tomcat NIO Connector Denial of Service Vulnerability
| [46066] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
| [45655] Apache Subversion Server Component Multiple Remote Denial Of Service Vulnerabilities
| [45123] Awstats Apache Tomcat Configuration File Remote Arbitrary Command Execution Vulnerability
| [45095] Apache Archiva Cross Site Request Forgery Vulnerability
| [45015] Apache Tomcat 'sort' and 'orderBy' Parameters Cross Site Scripting Vulnerabilities
| [44900] Apache 'mod_fcgid' Module Unspecified Stack Buffer Overflow Vulnerability
| [44616] Apache Shiro Directory Traversal Vulnerability
| [44355] Apache MyFaces Encrypted View State Oracle Padding Security Vulnerability
| [44068] Apache::AuthenHook Local Information Disclosure Vulnerability
| [43862] Apache QPID SSL Connection Denial of Service Vulnerability
| [43673] Apache APR-util 'apr_brigade_split_line()' Denial of Service Vulnerability
| [43637] Apache XML-RPC SAX Parser Information Disclosure Vulnerability
| [43111] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
| [42637] Apache Derby 'BUILTIN' Authentication Insecure Password Hashing Vulnerability
| [42501] Apache CouchDB Cross Site Request Forgery Vulnerability
| [42492] Apache CXF XML DTD Processing Security Vulnerability
| [42121] Apache SLMS Insufficient Quoting Cross Site Request Forgery Vulnerability
| [42102] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
| [41963] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
| [41544] Apache Tomcat 'Transfer-Encoding' Information Disclosure and Denial Of Service Vulnerabilities
| [41076] Apache Axis2 '/axis2/axis2-admin' Session Fixation Vulnerability
| [40976] Apache Axis2 Document Type Declaration Processing Security Vulnerability
| [40827] Apache 'mod_proxy_http' Timeout Handling Information Disclosure Vulnerability
| [40343] Apache Axis2 'xsd' Parameter Directory Traversal Vulnerability
| [40327] Apache Axis2 'engagingglobally' Cross-Site Scripting Vulnerability
| [39771] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
| [39636] Apache ActiveMQ Source Code Information Disclosure Vulnerability
| [39635] Apache Tomcat Authentication Header Realm Name Information Disclosure Vulnerability
| [39538] Apache mod_auth_shadow Race Condition Security Bypass Vulnerability
| [39489] Apache OFBiz Multiple Cross Site Scripting and HTML Injection Vulnerabilities
| [39119] Apache ActiveMQ 'createDestination.action' HTML Injection Vulnerability
| [38580] Apache Subrequest Handling Information Disclosure Vulnerability
| [38494] Apache 'mod_isapi' Memory Corruption Vulnerability
| [38491] Apache mod_proxy_ajp Module Incoming Request Body Denial Of Service Vulnerability
| [37966] Apache 1.3 mod_proxy HTTP Chunked Encoding Integer Overflow Vulnerability
| [37945] Apache Tomcat Host Working Directory WAR File Directory Traversal Vulnerability
| [37944] Apache Tomcat WAR File Directory Traversal Vulnerability
| [37942] Apache Tomcat Directory Host Appbase Authentication Bypass Vulnerability
| [37149] Apache Tomcat 404 Error Page Cross Site Scripting Vulnerability
| [37027] RETIRED: Apache APR 'apr_uri_parse_hostinfo' Off By One Remote Code Execution Vulnerability
| [36990] Apache HTTP TRACE Cross Site Scripting Vulnerability
| [36954] Apache Tomcat Windows Installer Insecure Password Vulnerability
| [36889] TYPO3 Apache Solr Search Extension Unspecified Cross Site Scripting Vulnerability
| [36596] Apache HTTP Server Solaris Event Port Pollset Support Remote Denial Of Service Vulnerability
| [36260] Apache mod_proxy_ftp Module NULL Pointer Dereference Denial Of Service Vulnerability
| [36254] Apache mod_proxy_ftp Remote Command Injection Vulnerability
| [35949] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
| [35840] Apache HTTP Server HTTP-Basic Authentication Bypass Vulnerability
| [35623] Apache 'mod_deflate' Remote Denial Of Service Vulnerability
| [35565] Apache 'mod_proxy' Remote Denial Of Service Vulnerability
| [35416] Apache Tomcat XML Parser Information Disclosure Vulnerability
| [35263] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
| [35253] Apache APR-util 'xml/apr_xml.c' Denial of Service Vulnerability
| [35251] Apache APR-util 'apr_brigade_vprintf' Off By One Vulnerability
| [35221] Apache APR-util 'apr_strmatch_precompile()' Integer Underflow Vulnerability
| [35196] Apache Tomcat Form Authentication Existing/Non-Existing Username Enumeration Weakness
| [35193] Apache Tomcat Java AJP Connector Invalid Header Denial of Service Vulnerability
| [35115] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
| [34686] Apache Struts Multiple Cross Site Scripting Vulnerabilities
| [34663] Apache 'mod_proxy_ajp' Information Disclosure Vulnerability
| [34657] Apache Tiles Cross Site Scripting And Information Disclosure Vulnerabilities
| [34562] Apache Geronimo Application Server Multiple Remote Vulnerabilities
| [34552] Apache ActiveMQ Web Console Multiple Unspecified HTML Injection Vulnerabilities
| [34412] Apache Tomcat mod_jk Content Length Information Disclosure Vulnerability
| [34399] Apache Struts Unspecified Cross Site Scripting Vulnerability
| [34383] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
| [33913] Apache Tomcat POST Data Information Disclosure Vulnerability
| [33360] Apache Jackrabbit 'q' Parameter Multiple Cross Site Scripting Vulnerabilities
| [33110] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
| [32657] Novell NetWare ApacheAdmin Security Bypass Vulnerability
| [31805] Apache HTTP Server OS Fingerprinting Unspecified Security Vulnerability
| [31761] Oracle WebLogic Server Apache Connector Stack Based Buffer Overflow Vulnerability
| [31698] Apache Tomcat 'RemoteFilterValve' Security Bypass Vulnerability
| [31165] Kolab Groupware Server Apache Log File User Password Information Disclosure Vulnerability
| [30560] Apache 'mod_proxy_ftp' Wildcard Characters Cross-Site Scripting Vulnerability
| [30496] Apache Tomcat 'HttpServletResponse.sendError()' Cross Site Scripting Vulnerability
| [30494] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
| [29653] Apache 'mod_proxy_http' Interim Response Denial of Service Vulnerability
15899| [29502] Apache Tomcat Host Manager Cross Site Scripting Vulnerability
15900| [28576] Apache-SSL Environment Variable Information Disclosure and Privilege Escalation Vulnerability
15901| [28484] Apache Tomcat Requests Containing MS-DOS Device Names Information Disclosure Vulnerability
15902| [28483] Apache Tomcat 'allowLinking' Accepts NULL Byte in URI Information Disclosure Vulnerability
15903| [28482] Apache Tomcat SSL Anonymous Cipher Configuration Information Disclosure Vulnerability
15904| [28481] Apache Tomcat Cross-Site Scripting Vulnerability
15905| [28477] Apache Tomcat AJP Connector Information Disclosure Vulnerability
15906| [27752] Apache mod_jk2 Host Header Multiple Stack Based Buffer Overflow Vulnerabilities
15907| [27706] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
15908| [27703] Apache Tomcat Parameter Processing Remote Information Disclosure Vulnerability
15909| [27409] Apache 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
15910| [27365] Apache Tomcat SingleSignOn Remote Information Disclosure Vulnerability
15911| [27237] Apache HTTP Server 2.2.6, 2.0.61 and 1.3.39 'mod_status' Cross-Site Scripting Vulnerability
15912| [27236] Apache 'mod_proxy_balancer' Multiple Vulnerabilities
15913| [27234] Apache 'mod_proxy_ftp' Undefined Charset UTF-7 Cross-Site Scripting Vulnerability
15914| [27006] Apache Tomcat JULI Logging Component Default Security Policy Vulnerability
15915| [26939] Apache HTTP Server Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
15916| [26838] Apache mod_imagemap and mod_imap Cross-Site Scripting Vulnerability
15917| [26762] Apache::AuthCAS Cookie SQL Injection Vulnerability
15918| [26663] Apache HTTP Server 413 Error HTTP Request Method Cross-Site Scripting Weakness
15919| [26287] Apache Geronimo SQLLoginModule Authentication Bypass Vulnerability
15920| [26070] Apache Tomcat WebDav Remote Information Disclosure Vulnerability
15921| [25804] Apache Geronimo Management EJB Security Bypass Vulnerability
15922| [25653] Apache Mod_AutoIndex.C Undefined Charset Cross-Site Scripting Vulnerability
15923| [25531] Apache Tomcat Cal2.JSP Cross-Site Scripting Vulnerability
15924| [25489] Apache HTTP Server Mod_Proxy Denial of Service Vulnerability
15925| [25316] Apache Tomcat Multiple Remote Information Disclosure Vulnerabilities
15926| [25314] Apache Tomcat Host Manager Servlet Cross Site Scripting Vulnerability
15927| [25174] Apache Tomcat Error Message Reporting Cross Site Scripting Vulnerability
15928| [24999] Apache Tomcat SendMailServlet Cross-Site Scripting Vulnerability
15929| [24759] MySQLDumper Apache Access Control Authentication Bypass Vulnerability
15930| [24649] Apache HTTP Server Mod_Cache Denial of Service Vulnerability
15931| [24645] Apache HTTP Server Mod_Status Cross-Site Scripting Vulnerability
15932| [24553] Apache Mod_Mem_Cache Information Disclosure Vulnerability
15933| [24524] Apache Tomcat Accept-Language Cross Site Scripting Vulnerability
15934| [24480] Apache MyFaces Tomahawk JSF Framework Autoscroll Parameter Cross Site Scripting Vulnerability
15935| [24476] Apache Tomcat JSP Example Web Applications Cross Site Scripting Vulnerability
15936| [24475] Apache Tomcat Manager and Host Manager Upload Script Cross-Site Scripting Vulnerability
15937| [24215] Apache HTTP Server Worker Process Multiple Denial of Service Vulnerabilities
15938| [24147] Apache Tomcat JK Connector Double Encoding Security Bypass Vulnerability
15939| [24058] Apache Tomcat Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
15940| [23687] Apache AXIS Non-Existent WSDL Path Information Disclosure Vulnerability
15941| [23438] Apache HTTPD suEXEC Local Multiple Privilege Escalation Weaknesses
15942| [22960] Apache HTTP Server Tomcat Directory Traversal Vulnerability
15943| [22849] Apache mod_python Output Filter Mode Information Disclosure Vulnerability
15944| [22791] Apache Tomcat Mod_JK.SO Arbitrary Code Execution Vulnerability
15945| [22732] Debian Apache Root Shell Local Privilege Escalation Vulnerabilities
15946| [22388] Apache Stats Extract Function Multiple Input Validation Vulnerabilities
15947| [21865] Apache And Microsoft IIS Range Denial of Service Vulnerability
15948| [21214] Apache Mod_Auth_Kerb Off-By-One Denial of Service Vulnerability
15949| [20527] Apache Mod_TCL Remote Format String Vulnerability
15950| [19661] Apache HTTP Server Arbitrary HTTP Request Headers Security Weakness
15951| [19447] Apache CGI Script Source Code Information Disclosure Vulnerability
15952| [19204] Apache Mod_Rewrite Off-By-One Buffer Overflow Vulnerability
15953| [19106] Apache Tomcat Information Disclosure Vulnerability
15954| [18138] Apache James SMTP Denial Of Service Vulnerability
15955| [17342] Apache Struts Multiple Remote Vulnerabilities
15956| [17095] Apache Log4Net Denial Of Service Vulnerability
15957| [16916] Apache mod_python FileSession Code Execution Vulnerability
15958| [16710] Apache Libapreq2 Quadratic Behavior Denial of Service Vulnerability
15959| [16260] Apache Geronimo Multiple Input Validation Vulnerabilities
15960| [16153] Apache mod_auth_pgsql Multiple Format String Vulnerabilities
15961| [16152] Apache Mod_SSL Custom Error Document Remote Denial Of Service Vulnerability
15962| [15834] Apache 'mod_imap' Referer Cross-Site Scripting Vulnerability
15963| [15765] Apache James Spooler Memory Leak Denial Of Service Vulnerability
15964| [15762] Apache MPM Worker.C Denial Of Service Vulnerability
15965| [15512] Apache Struts Error Response Cross-Site Scripting Vulnerability
15966| [15413] PHP Apache 2 Virtual() Safe_Mode and Open_Basedir Restriction Bypass Vulnerability
15967| [15325] Apache Tomcat Simultaneous Directory Listing Denial Of Service Vulnerability
15968| [15224] Apache Mod_Auth_Shadow Authentication Bypass Vulnerability
15969| [15177] PHP Apache 2 Local Denial of Service Vulnerability
15970| [14982] ApacheTop Insecure Temporary File Creation Vulnerability
15971| [14721] Apache Mod_SSL SSLVerifyClient Restriction Bypass Vulnerability
15972| [14660] Apache CGI Byterange Request Denial of Service Vulnerability
15973| [14366] Apache mod_ssl CRL Handling Off-By-One Buffer Overflow Vulnerability
15974| [14106] Apache HTTP Request Smuggling Vulnerability
15975| [13778] Apache HTPasswd Password Command Line Argument Buffer Overflow Vulnerability
15976| [13777] Apache HTPasswd User Command Line Argument Buffer Overflow Vulnerability
15977| [13756] Apache Tomcat Java Security Manager Bypass Vulnerability
15978| [13537] Apache HTDigest Realm Command Line Argument Buffer Overflow Vulnerability
15979| [12877] Apache mod_ssl ssl_io_filter_cleanup Remote Denial Of Service Vulnerability
15980| [12795] Apache Tomcat Remote Malformed Request Denial Of Service Vulnerability
15981| [12619] Apache Software Foundation Batik Squiggle Browser Access Validation Vulnerability
15982| [12519] Apache mod_python Module Publisher Handler Information Disclosure Vulnerability
15983| [12308] Apache Utilities Insecure Temporary File Creation Vulnerability
15984| [12217] Apache mod_auth_radius Malformed RADIUS Server Reply Integer Overflow Vulnerability
15985| [12181] Mod_DOSEvasive Apache Module Local Insecure Temporary File Creation Vulnerability
15986| [11803] Apache Jakarta Results.JSP Remote Cross-Site Scripting Vulnerability
15987| [11471] Apache mod_include Local Buffer Overflow Vulnerability
15988| [11360] Apache mod_ssl SSLCipherSuite Restriction Bypass Vulnerability
15989| [11239] Apache Satisfy Directive Access Control Bypass Vulnerability
15990| [11187] Apache Web Server Remote IPv6 Buffer Overflow Vulnerability
15991| [11185] Apache Mod_DAV LOCK Denial Of Service Vulnerability
15992| [11182] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
15993| [11154] Apache mod_ssl Remote Denial of Service Vulnerability
15994| [11094] Apache mod_ssl Denial Of Service Vulnerability
15995| [10789] Apache mod_userdir Module Information Disclosure Vulnerability
15996| [10736] Apache 'mod_ssl' Log Function Format String Vulnerability
15997| [10619] Apache ap_escape_html Memory Allocation Denial Of Service Vulnerability
15998| [10508] Apache Mod_Proxy Remote Negative Content-Length Buffer Overflow Vulnerability
15999| [10478] ClueCentral Apache Suexec Patch Security Weakness
16000| [10355] Apache 'mod_ssl' 'ssl_util_uuencode_binary()' Stack Buffer Overflow Vulnerability
16001| [10212] Apache mod_auth Malformed Password Potential Memory Corruption Vulnerability
16002| [9933] Apache mod_disk_cache Module Client Authentication Credential Storage Weakness
16003| [9930] Apache Error and Access Logs Escape Sequence Injection Vulnerability
16004| [9921] Apache Connection Blocking Denial Of Service Vulnerability
16005| [9885] Apache Mod_Security Module SecFilterScanPost Off-By-One Buffer Overflow Vulnerability
16006| [9874] Apache HTAccess LIMIT Directive Bypass Configuration Error Weakness
16007| [9829] Apache Mod_Access Access Control Rule Bypass Vulnerability
16008| [9826] Apache Mod_SSL HTTP Request Remote Denial Of Service Vulnerability
16009| [9733] Apache Cygwin Directory Traversal Vulnerability
16010| [9599] Apache mod_php Global Variables Information Disclosure Weakness
16011| [9590] Apache-SSL Client Certificate Forging Vulnerability
16012| [9571] Apache mod_digest Client-Supplied Nonce Verification Vulnerability
16013| [9471] Apache mod_perl Module File Descriptor Leakage Vulnerability
16014| [9404] Mod-Auth-Shadow Apache Module Expired User Credential Weakness
16015| [9302] Apache mod_php Module File Descriptor Leakage Vulnerability
16016| [9129] Apache mod_python Module Malformed Query Denial of Service Vulnerability
16017| [8926] Apache Web Server mod_cgid Module CGI Data Redirection Vulnerability
16018| [8919] Apache Mod_Security Module Heap Corruption Vulnerability
16019| [8911] Apache Web Server Multiple Module Local Buffer Overflow Vulnerability
16020| [8898] Red Hat Apache Directory Index Default Configuration Error
16021| [8883] Apache Cocoon Directory Traversal Vulnerability
16022| [8824] Apache Tomcat Non-HTTP Request Denial Of Service Vulnerability
16023| [8822] Apache Mod_Throttle Module Local Shared Memory Corruption Vulnerability
16024| [8725] Apache2 MOD_CGI STDERR Denial Of Service Vulnerability
16025| [8707] Apache htpasswd Password Entropy Weakness
16026| [8561] Apache::Gallery Insecure Local File Storage Privilege Escalation Vulnerability
16027| [8287] Mod_Mylo Apache Module REQSTR Buffer Overflow Vulnerability
16028| [8226] Apache HTTP Server Multiple Vulnerabilities
16029| [8138] Apache Web Server Type-Map Recursive Loop Denial Of Service Vulnerability
16030| [8137] Apache Web Server Prefork MPM Denial Of Service Vulnerability
16031| [8136] Macromedia Apache Web Server Encoded Space Source Disclosure Vulnerability
16032| [8135] Apache Web Server FTP Proxy IPV6 Denial Of Service Vulnerability
16033| [8134] Apache Web Server SSLCipherSuite Weak CipherSuite Renegotiation Weakness
16034| [7768] Apache Tomcat Insecure Directory Permissions Vulnerability
16035| [7725] Apache Basic Authentication Module Valid User Login Denial Of Service Vulnerability
16036| [7723] Apache APR_PSPrintf Memory Corruption Vulnerability
16037| [7448] Apache Mod_Auth_Any Remote Command Execution Vulnerability
16038| [7375] Apache Mod_Access_Referer NULL Pointer Dereference Denial of Service Vulnerability
16039| [7332] Apache Web Server OS2 Filestat Denial Of Service Vulnerability
16040| [7255] Apache Web Server File Descriptor Leakage Vulnerability
16041| [7254] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
16042| [6943] Apache Web Server MIME Boundary Information Disclosure Vulnerability
16043| [6939] Apache Web Server ETag Header Information Disclosure Weakness
16044| [6722] Apache Tomcat Web.XML File Contents Disclosure Vulnerability
16045| [6721] Apache Tomcat Null Byte Directory/File Disclosure Vulnerability
16046| [6720] Apache Tomcat Example Web Application Cross Site Scripting Vulnerability
16047| [6662] Apache Web Server MS-DOS Device Name Denial Of Service Vulnerability
16048| [6661] Apache Web Server Default Script Mapping Bypass Vulnerability
16049| [6660] Apache Web Server Illegal Character HTTP Request File Disclosure Vulnerability
16050| [6659] Apache Web Server MS-DOS Device Name Arbitrary Code Execution Vulnerability
16051| [6562] Apache Tomcat Invoker Servlet File Disclosure Vulnerability
16052| [6320] Apache/Tomcat Mod_JK Chunked Encoding Denial Of Service Vulnerability
16053| [6117] Apache mod_php File Descriptor Leakage Vulnerability
16054| [6065] Apache 2 WebDAV CGI POST Request Information Disclosure Vulnerability
16055| [5996] Apache AB.C Web Benchmarking Buffer Overflow Vulnerability
16056| [5995] Apache AB.C Web Benchmarking Read_Connection() Buffer Overflow Vulnerability
16057| [5993] Multiple Apache HTDigest Buffer Overflow Vulnerabilities
16058| [5992] Apache HTDigest Insecure Temporary File Vulnerability
16059| [5991] Apache HTDigest Arbitrary Command Execution Vulnerability
16060| [5990] Apache HTPasswd Insecure Temporary File Vulnerability
16061| [5981] Multiple Apache HTDigest and HTPassWD Component Vulnerabilites
16062| [5884] Apache Web Server Scoreboard Memory Segment Overwriting SIGUSR1 Sending Vulnerability
16063| [5847] Apache Server Side Include Cross Site Scripting Vulnerability
16064| [5838] Apache Tomcat 3.2 Directory Disclosure Vulnerability
16065| [5816] Apache 2 mod_dav Denial Of Service Vulnerability
16066| [5791] HP VirtualVault Apache mod_ssl Denial Of Service Vulnerability
16067| [5787] Apache Oversized STDERR Buffer Denial Of Service Vulnerability
16068| [5786] Apache Tomcat DefaultServlet File Disclosure Vulnerability
16069| [5542] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
16070| [5486] Apache 2.0 CGI Path Disclosure Vulnerability
16071| [5485] Apache 2.0 Path Disclosure Vulnerability
16072| [5434] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
16073| [5256] Apache httpd 2.0 CGI Error Path Disclosure Vulnerability
16074| [5194] Apache Tomcat DOS Device Name Cross Site Scripting Vulnerability
16075| [5193] Apache Tomcat Servlet Mapping Cross Site Scripting Vulnerability
16076| [5067] Apache Tomcat Null Character Malformed Request Denial Of Service Vulnerability
16077| [5054] Apache Tomcat Web Root Path Disclosure Vulnerability
16078| [5033] Apache Chunked-Encoding Memory Corruption Vulnerability
16079| [4995] Apache Tomcat JSP Engine Denial of Service Vulnerability
16080| [4878] Apache Tomcat RealPath.JSP Malformed Request Information Disclosure Vulnerability
16081| [4877] Apache Tomcat Example Files Web Root Path Disclosure Vulnerability
16082| [4876] Apache Tomcat Source.JSP Malformed Request Information Disclosure Vulnerability
16083| [4575] Apache Tomcat Servlet Path Disclosure Vulnerability
16084| [4557] Apache Tomcat System Path Information Disclosure Vulnerability
16085| [4437] Apache Error Message Cross-Site Scripting Vulnerability
16086| [4431] Apache PrintEnv/Test_CGI Script Injection Vulnerability
16087| [4358] Apache Double-Reverse Lookup Log Entry Spoofing Vulnerability
16088| [4335] Apache Win32 Batch File Remote Command Execution Vulnerability
16089| [4292] Oracle 9iAS Apache PL/SQL Module Web Administration Access Vulnerability
16090| [4189] Apache mod_ssl/Apache-SSL Buffer Overflow Vulnerability
16091| [4057] Apache 2 for Windows OPTIONS request Path Disclosure Vulnerability
16092| [4056] Apache 2 for Windows php.exe Path Disclosure Vulnerability
16093| [4037] Oracle 9iAS Apache PL/SQL Module Denial of Service Vulnerability
16094| [4032] Oracle 9iAS Apache PL/SQL Module Multiple Buffer Overflows Vulnerability
16095| [3796] Apache HTTP Request Unexpected Behavior Vulnerability
16096| [3790] Apache Non-Existent Log Directory Denial Of Service Vulnerability
16097| [3786] Apache Win32 PHP.EXE Remote File Disclosure Vulnerability
16098| [3727] Oracle 9I Application Server PL/SQL Apache Module Directory Traversal Vulnerability
16099| [3726] Oracle 9I Application Server PL/SQL Apache Module Buffer Overflow Vulnerability
16100| [3596] Apache Split-Logfile File Append Vulnerability
16101| [3521] Apache mod_usertrack Predictable ID Generation Vulnerability
16102| [3335] Red Hat Linux Apache Remote Username Enumeration Vulnerability
16103| [3316] MacOS X Client Apache Directory Contents Disclosure Vulnerability
16104| [3256] Apache mod_auth_oracle Remote SQL Query Manipulation Vulnerability
16105| [3255] Apache mod_auth_mysql Remote SQL Query Manipulation Vulnerability
16106| [3254] Apache AuthPG Remote SQL Query Manipulation Vulnerability
16107| [3253] Apache mod_auth_pgsql_sys Remote SQL Query Manipulation Vulnerability
16108| [3251] Apache mod_auth_pgsql Remote SQL Query Manipulation Vulnerability
16109| [3176] Apache Mod ReWrite Rules Bypassing Image Linking Vulnerability
16110| [3169] Apache Server Address Disclosure Vulnerability
16111| [3009] Apache Possible Directory Index Disclosure Vulnerability
16112| [2982] Apache Tomcat Cross-Site Scripting Vulnerability
16113| [2852] MacOS X Client Apache File Protection Bypass Vulnerability
16114| [2740] Apache Web Server HTTP Request Denial of Service Vulnerability
16115| [2518] Apache Tomcat 3.0 Directory Traversal Vulnerability
16116| [2503] Apache Artificially Long Slash Path Directory Listing Vulnerability
16117| [2300] NCSA/Apache httpd ScriptAlias Source Retrieval Vulnerability
16118| [2216] Apache Web Server DoS Vulnerability
16119| [2182] Apache /tmp File Race Vulnerability
16120| [2171] Oracle Apache+WebDB Documented Backdoor Vulnerability
16121| [2060] Apache Web Server with Php 3 File Disclosure Vulnerability
16122| [1821] Apache mod_cookies Buffer Overflow Vulnerability
16123| [1728] Apache Rewrite Module Arbitrary File Disclosure Vulnerability
16124| [1658] SuSE Apache CGI Source Code Viewing Vulnerability
16125| [1656] SuSE Apache WebDAV Directory Listings Vulnerability
16126| [1575] Trustix Apache-SSL RPM Permissions Vulnerability
16127| [1548] Apache Jakarta-Tomcat /admin Context Vulnerability
16128| [1532] Apache Tomcat Snoop Servlet Information Disclosure Vulnerability
16129| [1531] Apache Tomcat 3.1 Path Revealing Vulnerability
16130| [1457] Apache::ASP source.asp Example Script Vulnerability
16131| [1284] Apache HTTP Server (win32) Root Directory Access Vulnerability
16132| [1083] Cobalt Raq Apache .htaccess Disclosure Vulnerability
16133|
16134| IBM X-Force - https://exchange.xforce.ibmcloud.com:
16135| [86258] Apache CloudStack text fields cross-site scripting
16136| [85983] Apache Subversion mod_dav_svn module denial of service
16137| [85875] Apache OFBiz UEL code execution
16138| [85874] Apache OFBiz Webtools View Log screen cross-site scripting
16139| [85871] Apache HTTP Server mod_session_dbd unspecified
16140| [85756] Apache Struts OGNL expression command execution
16141| [85755] Apache Struts DefaultActionMapper class open redirect
16142| [85586] Apache ActiveMQ CVE-2013-1879 cross-site scripting
16143| [85574] Apache HTTP Server mod_dav denial of service
16144| [85573] Apache Struts Showcase App OGNL code execution
16145| [85496] Apache CXF denial of service
16146| [85423] Apache Geronimo RMI classloader code execution
16147| [85326] Apache Santuario XML Security for C++ buffer overflow
16148| [85323] Apache Santuario XML Security for Java spoofing
16149| [85319] Apache Qpid Python client SSL spoofing
16150| [85019] Apache Santuario XML Security for C++ CVE-2013-2156 buffer overflow
16151| [85018] Apache Santuario XML Security for C++ CVE-2013-2155 denial of service
16152| [85017] Apache Santuario XML Security for C++ CVE-2013-2154 buffer overflow
16153| [85016] Apache Santuario XML Security for C++ CVE-2013-2153 spoofing
16154| [84952] Apache Tomcat CVE-2012-3544 denial of service
16155| [84763] Apache Struts CVE-2013-2135 security bypass
16156| [84762] Apache Struts CVE-2013-2134 security bypass
16157| [84719] Apache Subversion CVE-2013-2088 command execution
16158| [84718] Apache Subversion CVE-2013-2112 denial of service
16159| [84717] Apache Subversion CVE-2013-1968 denial of service
16160| [84577] Apache Tomcat security bypass
16161| [84576] Apache Tomcat symlink
16162| [84543] Apache Struts CVE-2013-2115 security bypass
16163| [84542] Apache Struts CVE-2013-1966 security bypass
16164| [84154] Apache Tomcat session hijacking
16165| [84144] Apache Tomcat denial of service
16166| [84143] Apache Tomcat information disclosure
16167| [84111] Apache HTTP Server command execution
16168| [84043] Apache Virtual Computing Lab cross-site scripting
16169| [84042] Apache Virtual Computing Lab cross-site scripting
16170| [83782] Apache CloudStack information disclosure
16171| [83781] Apache CloudStack security bypass
16172| [83720] Apache ActiveMQ cross-site scripting
16173| [83719] Apache ActiveMQ denial of service
16174| [83718] Apache ActiveMQ denial of service
16175| [83263] Apache Subversion denial of service
16176| [83262] Apache Subversion denial of service
16177| [83261] Apache Subversion denial of service
16178| [83259] Apache Subversion denial of service
16179| [83035] Apache mod_ruid2 security bypass
16180| [82852] Apache Qpid federation_tag security bypass
16181| [82851] Apache Qpid qpid::framing::Buffer denial of service
16182| [82758] Apache Rave User RPC API information disclosure
16183| [82663] Apache Subversion svn_fs_file_length() denial of service
16184| [82642] Apache Qpid qpid::framing::Buffer::checkAvailable() denial of service
16185| [82641] Apache Qpid AMQP denial of service
16186| [82626] Apache HTTP Server on Debian GNU/Linux Debian apache2ctl symlink
16187| [82618] Apache Commons FileUpload symlink
16188| [82360] Apache HTTP Server manager interface cross-site scripting
16189| [82359] Apache HTTP Server hostnames cross-site scripting
16190| [82338] Apache Tomcat log/logdir information disclosure
16191| [82328] Apache Maven and Apache Maven Wagon SSL spoofing
16192| [82268] Apache OpenJPA deserialization command execution
16193| [81981] Apache CXF UsernameTokens security bypass
16194| [81980] Apache CXF WS-Security security bypass
16195| [81398] Apache OFBiz cross-site scripting
16196| [81240] Apache CouchDB directory traversal
16197| [81226] Apache CouchDB JSONP code execution
16198| [81225] Apache CouchDB Futon user interface cross-site scripting
16199| [81211] Apache Axis2/C SSL spoofing
16200| [81167] Apache CloudStack DeployVM information disclosure
16201| [81166] Apache CloudStack AddHost API information disclosure
16202| [81165] Apache CloudStack createSSHKeyPair API information disclosure
16203| [80518] Apache Tomcat cross-site request forgery security bypass
16204| [80517] Apache Tomcat FormAuthenticator security bypass
16205| [80516] Apache Tomcat NIO denial of service
16206| [80408] Apache Tomcat replay-countermeasure security bypass
16207| [80407] Apache Tomcat HTTP Digest Access Authentication security bypass
16208| [80317] Apache Tomcat slowloris denial of service
16209| [79984] Apache Commons HttpClient SSL spoofing
16210| [79983] Apache CXF SSL spoofing
16211| [79830] Apache Axis2/Java SSL spoofing
16212| [79829] Apache Axis SSL spoofing
16213| [79809] Apache Tomcat DIGEST security bypass
16214| [79806] Apache Tomcat parseHeaders() denial of service
16215| [79540] Apache OFBiz unspecified
16216| [79487] Apache Axis2 SAML security bypass
16217| [79212] Apache Cloudstack code execution
16218| [78734] Apache CXF SOAP Action security bypass
16219| [78730] Apache Qpid broker denial of service
16220| [78617] Eucalyptus Apache Santuario (XML Security for Java) denial of service
16221| [78563] Apache mod_pagespeed module unspecified cross-site scripting
16222| [78562] Apache mod_pagespeed module security bypass
16223| [78454] Apache Axis2 security bypass
16224| [78452] Websense Web Security and Web Filter Apache Tomcat information disclosure
16225| [78451] Websense Web Security and Web Filter Apache Tomcat cross-site scripting
16226| [78321] Apache Wicket unspecified cross-site scripting
16227| [78183] Apache Struts parameters denial of service
16228| [78182] Apache Struts cross-site request forgery
16229| [78153] Apache Solr Autocomplete module for Drupal autocomplete results cross-site scripting
16230| [77987] mod_rpaf module for Apache denial of service
16231| [77958] Apache Struts skill name code execution
16232| [77914] Apache HTTP Server mod_negotiation module cross-site scripting
16233| [77913] Apache HTTP Server mod_proxy_ajp information disclosure
16234| [77568] Apache Qpid broker security bypass
16235| [77421] Apache Libcloud spoofing
16236| [77059] Oracle Solaris Cluster Apache Tomcat Agent unspecified
16237| [77046] Oracle Solaris Apache HTTP Server information disclosure
16238| [76837] Apache Hadoop information disclosure
16239| [76802] Apache Sling CopyFrom denial of service
16240| [76692] Apache Hadoop symlink
16241| [76535] Apache Roller console cross-site request forgery
16242| [76534] Apache Roller weblog cross-site scripting
16243| [76152] Apache CXF elements security bypass
16244| [76151] Apache CXF child policies security bypass
16245| [75983] MapServer for Windows Apache file include
16246| [75857] Apache Commons Compress and Apache Ant bzip2 denial of service
16247| [75558] Apache POI denial of service
16248| [75545] PHP apache_request_headers() buffer overflow
16249| [75302] Apache Qpid SASL security bypass
16250| [75211] Debian GNU/Linux apache 2 cross-site scripting
16251| [74901] Apache HTTP Server LD_LIBRARY_PATH privilege escalation
16252| [74871] Apache OFBiz FlexibleStringExpander code execution
16253| [74870] Apache OFBiz multiple cross-site scripting
16254| [74750] Apache Hadoop unspecified spoofing
16255| [74319] Apache Struts XSLTResult.java file upload
16256| [74313] Apache Traffic Server header buffer overflow
16257| [74276] Apache Wicket directory traversal
16258| [74273] Apache Wicket unspecified cross-site scripting
16259| [74181] Apache HTTP Server mod_fcgid module denial of service
16260| [73690] Apache Struts OGNL code execution
16261| [73432] Apache Solr extension for TYPO3 unspecified cross-site scripting
16262| [73100] Apache MyFaces in directory traversal
16263| [73096] Apache APR hash denial of service
16264| [73052] Apache Struts name cross-site scripting
16265| [73030] Apache CXF UsernameToken security bypass
16266| [72888] Apache Struts lastName cross-site scripting
16267| [72758] Apache HTTP Server httpOnly information disclosure
16268| [72757] Apache HTTP Server MPM denial of service
16269| [72585] Apache Struts ParameterInterceptor security bypass
16270| [72438] Apache Tomcat Digest security bypass
16271| [72437] Apache Tomcat Digest security bypass
16272| [72436] Apache Tomcat DIGEST security bypass
16273| [72425] Apache Tomcat parameter denial of service
16274| [72422] Apache Tomcat request object information disclosure
16275| [72377] Apache HTTP Server scoreboard security bypass
16276| [72345] Apache HTTP Server HTTP request denial of service
16277| [72229] Apache Struts ExceptionDelegator command execution
16278| [72089] Apache Struts ParameterInterceptor directory traversal
16279| [72088] Apache Struts CookieInterceptor command execution
16280| [72047] Apache Geronimo hash denial of service
16281| [72016] Apache Tomcat hash denial of service
16282| [71711] Apache Struts OGNL expression code execution
16283| [71654] Apache Struts interfaces security bypass
16284| [71620] Apache ActiveMQ failover denial of service
16285| [71617] Apache HTTP Server mod_proxy module information disclosure
16286| [71508] Apache MyFaces EL security bypass
16287| [71445] Apache HTTP Server mod_proxy security bypass
16288| [71203] Apache Tomcat servlets privilege escalation
16289| [71181] Apache HTTP Server ap_pregsub() denial of service
16290| [71093] Apache HTTP Server ap_pregsub() buffer overflow
16291| [70336] Apache HTTP Server mod_proxy information disclosure
16292| [69804] Apache HTTP Server mod_proxy_ajp denial of service
16293| [69472] Apache Tomcat AJP security bypass
16294| [69396] Apache HTTP Server ByteRange filter denial of service
16295| [69394] Apache Wicket multi window support cross-site scripting
16296| [69176] Apache Tomcat XML information disclosure
16297| [69161] Apache Tomcat jsvc information disclosure
16298| [68799] mod_authnz_external module for Apache mysql-auth.pl SQL injection
16299| [68541] Apache Tomcat sendfile information disclosure
16300| [68420] Apache XML Security denial of service
16301| [68238] Apache Tomcat JMX information disclosure
16302| [67860] Apache Rampart/C rampart_timestamp_token_validate security bypass
16303| [67804] Apache Subversion control rules information disclosure
16304| [67803] Apache Subversion control rules denial of service
16305| [67802] Apache Subversion baselined denial of service
16306| [67672] Apache Archiva multiple cross-site scripting
16307| [67671] Apache Archiva multiple cross-site request forgery
16308| [67564] Apache APR apr_fnmatch() denial of service
16309| [67532] IBM WebSphere Application Server org.apache.jasper.runtime.JspWriterImpl.response denial of service
16310| [67515] Apache Tomcat annotations security bypass
16311| [67480] Apache Struts s:submit information disclosure
16312| [67414] Apache APR apr_fnmatch() denial of service
16313| [67356] Apache Struts javatemplates cross-site scripting
16314| [67354] Apache Struts Xwork cross-site scripting
16315| [66676] Apache Tomcat HTTP BIO information disclosure
16316| [66675] Apache Tomcat web.xml security bypass
16317| [66640] Apache HttpComponents HttpClient Proxy-Authorization information disclosure
16318| [66241] Apache HttpComponents information disclosure
16319| [66154] Apache Tomcat ServletSecurity security bypass
16320| [65971] Apache Tomcat ServletSecurity security bypass
16321| [65876] Apache Subversion mod_dav_svn denial of service
16322| [65343] Apache Continuum unspecified cross-site scripting
16323| [65162] Apache Tomcat NIO connector denial of service
16324| [65161] Apache Tomcat javax.servlet.ServletRequest.getLocale() denial of service
16325| [65160] Apache Tomcat HTML Manager interface cross-site scripting
16326| [65159] Apache Tomcat ServletContect security bypass
16327| [65050] Apache CouchDB web-based administration UI cross-site scripting
16328| [64773] Oracle HTTP Server Apache Plugin unauthorized access
16329| [64473] Apache Subversion blame -g denial of service
16330| [64472] Apache Subversion walk() denial of service
16331| [64407] Apache Axis2 CVE-2010-0219 code execution
16332| [63926] Apache Archiva password privilege escalation
16333| [63785] Apache CouchDB LD_LIBRARY_PATH privilege escalation
16334| [63493] Apache Archiva credentials cross-site request forgery
16335| [63477] Apache Tomcat HttpOnly session hijacking
16336| [63422] Apache Tomcat sessionsList.jsp cross-site scripting
16337| [63303] Apache mod_fcgid module fcgid_header_bucket_read() buffer overflow
16338| [62959] Apache Shiro filters security bypass
16339| [62790] Apache Perl cgi module denial of service
16340| [62576] Apache Qpid exchange denial of service
16341| [62575] Apache Qpid AMQP denial of service
16342| [62354] Apache Qpid SSL denial of service
16343| [62235] Apache APR-util apr_brigade_split_line() denial of service
16344| [62181] Apache XML-RPC SAX Parser information disclosure
16345| [61721] Apache Traffic Server cache poisoning
16346| [61202] Apache Derby BUILTIN authentication functionality information disclosure
16347| [61186] Apache CouchDB Futon cross-site request forgery
16348| [61169] Apache CXF DTD denial of service
16349| [61070] Apache Jackrabbit search.jsp SQL injection
16350| [61006] Apache SLMS Quoting cross-site request forgery
16351| [60962] Apache Tomcat time cross-site scripting
16352| [60883] Apache mod_proxy_http information disclosure
16353| [60671] Apache HTTP Server mod_cache and mod_dav denial of service
16354| [60264] Apache Tomcat Transfer-Encoding denial of service
16355| [59746] Apache Axis2 axis2/axis2-admin page session hijacking
16356| [59588] Apache Axis2/Java XML DTD (Document Type Declaration) data denial of service
16357| [59413] Apache mod_proxy_http timeout information disclosure
16358| [59058] Apache MyFaces unencrypted view state cross-site scripting
16359| [58827] Apache Axis2 xsd file include
16360| [58790] Apache Axis2 modules cross-site scripting
16361| [58299] Apache ActiveMQ queueBrowse cross-site scripting
16362| [58169] Apache Tomcat Web Application Manager / Host Manager cross-site request forgery
16363| [58056] Apache ActiveMQ .jsp source code disclosure
16364| [58055] Apache Tomcat realm name information disclosure
16365| [58046] Apache HTTP Server mod_auth_shadow security bypass
16366| [57841] Apache Open For Business Project (OFBiz) subject cross-site scripting
16367| [57840] Apache Open For Business Project (OFBiz) multiple parameters cross-site scripting
16368| [57429] Apache CouchDB algorithms information disclosure
16369| [57398] Apache ActiveMQ Web console cross-site request forgery
16370| [57397] Apache ActiveMQ createDestination.action cross-site scripting
16371| [56653] Apache HTTP Server DNS spoofing
16372| [56652] Apache HTTP Server DNS cross-site scripting
16373| [56625] Apache HTTP Server request header information disclosure
16374| [56624] Apache HTTP Server mod_isapi orphaned callback pointer code execution
16375| [56623] Apache HTTP Server mod_proxy_ajp denial of service
16376| [55941] mod_proxy module for Apache ap_proxy_send_fb() buffer overflow
16377| [55857] Apache Tomcat WAR files directory traversal
16378| [55856] Apache Tomcat autoDeploy attribute security bypass
16379| [55855] Apache Tomcat WAR directory traversal
16380| [55210] Intuit component for Joomla! Apache information disclosure
16381| [54533] Apache Tomcat 404 error page cross-site scripting
16382| [54182] Apache Tomcat admin default password
16383| [53878] Apache Solr Search (solr) extension for TYPO3 unspecified cross-site scripting
16384| [53666] Apache HTTP Server Solaris pollset support denial of service
16385| [53650] Apache HTTP Server HTTP basic-auth module security bypass
16386| [53124] mod_proxy_ftp module for Apache HTTP header security bypass
16387| [53041] mod_proxy_ftp module for Apache denial of service
16388| [52540] Apache Portable Runtime and Apache Portable Utility library multiple buffer overflow
16389| [51953] Apache Tomcat Path Disclosure
16390| [51952] Apache Tomcat Path Traversal
16391| [51951] Apache stronghold-status Information Disclosure
16392| [51950] Apache stronghold-info Information Disclosure
16393| [51949] Apache PHP Source Code Disclosure
16394| [51948] Apache Multiviews Attack
16395| [51946] Apache JServ Environment Status Information Disclosure
16396| [51945] Apache error_log Information Disclosure
16397| [51944] Apache Default Installation Page Pattern Found
16398| [51943] Apache AXIS XML Parser echoheaders.jws Sample Web Service Denial of Service
16399| [51942] Apache AXIS XML External Entity File Retrieval
16400| [51941] Apache AXIS Sample Servlet Information Leak
16401| [51940] Apache access_log Information Disclosure
16402| [51626] Apache mod_deflate denial of service
16403| [51532] mod_proxy module for the Apache HTTP Server stream_reqbody_cl denial of service
16404| [51365] Apache Tomcat RequestDispatcher security bypass
16405| [51273] Apache HTTP Server Incomplete Request denial of service
16406| [51195] Apache Tomcat XML information disclosure
16407| [50994] Apache APR-util xml/apr_xml.c denial of service
16408| [50993] Apache APR-util apr_brigade_vprintf denial of service
16409| [50964] Apache APR-util apr_strmatch_precompile() denial of service
16410| [50930] Apache Tomcat j_security_check information disclosure
16411| [50928] Apache Tomcat AJP denial of service
16412| [50884] Apache HTTP Server XML ENTITY denial of service
16413| [50808] Apache HTTP Server AllowOverride privilege escalation
16414| [50108] Apache Struts s:a tag and s:url tag cross-site scripting
16415| [50059] Apache mod_proxy_ajp information disclosure
16416| [49951] Apache Tiles Expression Language (EL) expressions cross-site scripting
16417| [49925] Apache Geronimo Web Administrative Console cross-site request forgery
16418| [49924] Apache Geronimo console/portal/Server/Monitoring cross-site scripting
16419| [49921] Apache ActiveMQ Web interface cross-site scripting
16420| [49898] Apache Geronimo Services/Repository directory traversal
16421| [49725] Apache Tomcat mod_jk module information disclosure
16422| [49715] Apache mod_perl Apache::Status and Apache2::Status modules cross-site scripting
16423| [49712] Apache Struts unspecified cross-site scripting
16424| [49213] Apache Tomcat cal2.jsp cross-site scripting
16425| [48934] Apache Tomcat POST doRead method information disclosure
16426| [48211] Apache Tomcat header HTTP request smuggling
16427| [48163] libapache2-mod-auth-mysql module for Debian multibyte encoding SQL injection
16428| [48110] Apache Jackrabbit search.jsp and swr.jsp cross-site scripting
16429| [47709] Apache Roller "
16430| [47104] Novell Netware ApacheAdmin console security bypass
16431| [47086] Apache HTTP Server OS fingerprinting unspecified
16432| [46329] Apache Struts FilterDispatcher and DefaultStaticContentLoader class directory traversal
16433| [45791] Apache Tomcat RemoteFilterValve security bypass
16434| [44435] Oracle WebLogic Apache Connector buffer overflow
16435| [44411] Apache Tomcat allowLinking UTF-8 directory traversal
16436| [44223] Apache HTTP Server mod_proxy_ftp cross-site scripting
16437| [44156] Apache Tomcat RequestDispatcher directory traversal
16438| [44155] Apache Tomcat HttpServletResponse.sendError() cross-site scripting
16439| [43885] Oracle WebLogic Server Apache Connector buffer overflow
16440| [42987] Apache HTTP Server mod_proxy module denial of service
16441| [42915] Apache Tomcat JSP files path disclosure
16442| [42914] Apache Tomcat MS-DOS path disclosure
16443| [42892] Apache Tomcat unspecified unauthorized access
16444| [42816] Apache Tomcat Host Manager cross-site scripting
16445| [42303] Apache 403 error cross-site scripting
16446| [41618] Apache-SSL ExpandCert() authentication bypass
16447| [40761] Apache Derby RDBNAM parameter and DatabaseMetaData.getURL information disclosure
16448| [40736] Apache Tomcat HTTP/1.1 connector information disclosure
16449| [40614] Apache mod_jk2 HTTP Host header buffer overflow
16450| [40562] Apache Geronimo init information disclosure
16451| [40478] Novell Web Manager webadmin-apache.conf security bypass
16452| [40411] Apache Tomcat exception handling information disclosure
16453| [40409] Apache Tomcat native (APR based) connector weak security
16454| [40403] Apache Tomcat quotes and %5C cookie information disclosure
16455| [40388] Sun Java Plug-In org.apache.crimson.tree.XmlDocument security bypass
16456| [39893] Apache HTTP Server mod_negotiation HTTP response splitting
16457| [39867] Apache HTTP Server mod_negotiation cross-site scripting
16458| [39804] Apache Tomcat SingleSignOn information disclosure
16459| [39615] Apache HTTP Server mod_proxy_ftp.c UTF-7 cross-site scripting
16460| [39612] Apache HTTP Server mod_proxy_balancer buffer overflow
16461| [39608] Apache HTTP Server balancer manager cross-site request forgery
16462| [39476] Apache mod_proxy_balancer balancer_handler function denial of service
16463| [39474] Apache HTTP Server mod_proxy_balancer cross-site scripting
16464| [39472] Apache HTTP Server mod_status cross-site scripting
16465| [39201] Apache Tomcat JULI logging weak security
16466| [39158] Apache HTTP Server Windows SMB shares information disclosure
16467| [39001] Apache HTTP Server mod_imap and mod_imagemap module cross-site scripting
16468| [38951] Apache::AuthCAS Perl module cookie SQL injection
16469| [38800] Apache HTTP Server 413 error page cross-site scripting
16470| [38211] Apache Geronimo SQLLoginModule authentication bypass
16471| [37243] Apache Tomcat WebDAV directory traversal
16472| [37178] RHSA update for Apache HTTP Server mod_status module cross-site scripting not installed
16473| [37177] RHSA update for Apache HTTP Server Apache child process denial of service not installed
16474| [37119] RHSA update for Apache mod_auth_kerb off-by-one buffer overflow not installed
16475| [37100] RHSA update for Apache and IBM HTTP Server Expect header cross-site scripting not installed
16476| [36782] Apache Geronimo MEJB unauthorized access
16477| [36586] Apache HTTP Server UTF-7 cross-site scripting
16478| [36468] Apache Geronimo LoginModule security bypass
16479| [36467] Apache Tomcat functions.jsp cross-site scripting
16480| [36402] Apache Tomcat calendar cross-site request forgery
16481| [36354] Apache HTTP Server mod_proxy module denial of service
16482| [36352] Apache HTTP Server ap_proxy_date_canon() denial of service
16483| [36336] Apache Derby lock table privilege escalation
16484| [36335] Apache Derby schema privilege escalation
16485| [36006] Apache Tomcat "
16486| [36001] Apache Tomcat Host Manager Servlet alias cross-site scripting
16487| [35999] Apache Tomcat \"
16488| [35795] Apache Tomcat CookieExample cross-site scripting
16489| [35536] Apache Tomcat SendMailServlet example cross-site scripting
16490| [35384] Apache HTTP Server mod_cache module denial of service
16491| [35097] Apache HTTP Server mod_status module cross-site scripting
16492| [35095] Apache HTTP Server Prefork MPM module denial of service
16493| [34984] Apache HTTP Server recall_headers information disclosure
16494| [34966] Apache HTTP Server MPM content spoofing
16495| [34965] Apache HTTP Server MPM information disclosure
16496| [34963] Apache HTTP Server MPM multiple denial of service
16497| [34872] Apache MyFaces Tomahawk autoscroll parameter cross-site scripting
16498| [34869] Apache Tomcat JSP example Web application cross-site scripting
16499| [34868] Apache Tomcat Manager and Host Manager cross-site scripting
16500| [34496] Apache Tomcat JK Connector security bypass
16501| [34377] Apache Tomcat hello.jsp cross-site scripting
16502| [34212] Apache Tomcat SSL configuration security bypass
16503| [34210] Apache Tomcat Accept-Language cross-site scripting
16504| [34209] Apache Tomcat calendar application cross-site scripting
16505| [34207] Apache Tomcat implicit-objects.jsp cross-site scripting
16506| [34167] Apache Axis WSDL file path disclosure
16507| [34068] Apache Tomcat AJP connector information disclosure
16508| [33584] Apache HTTP Server suEXEC privilege escalation
16509| [32988] Apache Tomcat proxy module directory traversal
16510| [32794] Apache Tomcat JK Web Server Connector map_uri_to_worker() buffer overflow
16511| [32708] Debian Apache tty privilege escalation
16512| [32441] ApacheStats extract() PHP call unspecified
16513| [32128] Apache Tomcat default account
16514| [31680] Apache Tomcat RequestParamExample cross-site scripting
16515| [31649] Apache Tomcat Sample Servlet TroubleShooter detected
16516| [31557] BEA WebLogic Server and WebLogic Express Apache proxy plug-in denial of service
16517| [31236] Apache HTTP Server htpasswd.c strcpy buffer overflow
16518| [30456] Apache mod_auth_kerb off-by-one buffer overflow
16519| [29550] Apache mod_tcl set_var() format string
16520| [28620] Apache and IBM HTTP Server Expect header cross-site scripting
16521| [28357] Apache HTTP Server mod_alias script source information disclosure
16522| [28063] Apache mod_rewrite off-by-one buffer overflow
16523| [27902] Apache Tomcat URL information disclosure
16524| [26786] Apache James SMTP server denial of service
16525| [25680] libapache2 /tmp/svn file upload
16526| [25614] Apache Struts lookupMap cross-site scripting
16527| [25613] Apache Struts ActionForm denial of service
16528| [25612] Apache Struts isCancelled() security bypass
16529| [24965] Apache mod_python FileSession command execution
16530| [24716] Apache James spooler memory leak denial of service
16531| [24159] Apache Geronimo Web-Access-Log Viewer cross-site scripting
16532| [24158] Apache Geronimo jsp-examples cross-site scripting
16533| [24030] Apache auth_ldap module multiple format strings
16534| [24008] Apache mod_ssl custom error message denial of service
16535| [24003] Apache mod_auth_pgsql module multiple syslog format strings
16536| [23612] Apache mod_imap referer field cross-site scripting
16537| [23173] Apache Struts error message cross-site scripting
16538| [22942] Apache Tomcat directory listing denial of service
16539| [22858] Apache Multi-Processing Module code allows denial of service
16540| [22602] RHSA-2005:582 updates for Apache httpd not installed
16541| [22520] Apache mod-auth-shadow "
16542| [22466] ApacheTop symlink
16543| [22109] Apache HTTP Server ssl_engine_kernel client certificate validation
16544| [22006] Apache HTTP Server byte-range filter denial of service
16545| [21567] Apache mod_ssl off-by-one buffer overflow
16546| [21195] Apache HTTP Server header HTTP request smuggling
16547| [20383] Apache HTTP Server htdigest buffer overflow
16548| [19681] Apache Tomcat AJP12 request denial of service
16549| [18993] Apache HTTP server check_forensic symlink attack
16550| [18790] Apache Tomcat Manager cross-site scripting
16551| [18349] Apache HTTP server Apple HFS+ filesystem obtain information
16552| [18348] Apache HTTP server Apple HFS+ filesystem .DS_Store and .ht file disclosure
16553| [18347] Apache HTTP server Apple Mac OS X Server mod_digest_apple module could allow an attacker to replay responses
16554| [17961] Apache Web server ServerTokens has not been set
16555| [17930] Apache HTTP Server HTTP GET request denial of service
16556| [17785] Apache mod_include module buffer overflow
16557| [17671] Apache HTTP Server SSLCipherSuite bypass restrictions
16558| [17473] Apache HTTP Server Satisfy directive allows access to resources
16559| [17413] Apache htpasswd buffer overflow
16560| [17384] Apache HTTP Server environment variable configuration file buffer overflow
16561| [17382] Apache HTTP Server IPv6 apr_util denial of service
16562| [17366] Apache HTTP Server mod_dav module LOCK denial of service
16563| [17273] Apache HTTP Server speculative mode denial of service
16564| [17200] Apache HTTP Server mod_ssl denial of service
16565| [16890] Apache HTTP Server server-info request has been detected
16566| [16889] Apache HTTP Server server-status request has been detected
16567| [16705] Apache mod_ssl format string attack
16568| [16524] Apache HTTP Server ap_get_mime_headers_core denial of service
16569| [16387] Apache HTTP Server mod_proxy Content-Length buffer overflow
16570| [16230] Apache HTTP Server PHP denial of service
16571| [16214] Apache mod_ssl ssl_util_uuencode_binary buffer overflow
16572| [15958] Apache HTTP Server authentication modules memory corruption
16573| [15547] Apache HTTP Server mod_disk_cache local information disclosure
16574| [15540] Apache HTTP Server socket starvation denial of service
16575| [15467] Novell GroupWise WebAccess using Apache Web server allows viewing of files on the server
16576| [15422] Apache HTTP Server mod_access information disclosure
16577| [15419] Apache HTTP Server mod_ssl plain HTTP request denial of service
16578| [15293] Apache for Cygwin "
16579| [15065] Apache-SSL has a default password
16580| [15041] Apache HTTP Server mod_digest module could allow an attacker to replay responses
16581| [15015] Apache httpd server httpd.conf could allow a local user to bypass restrictions
16582| [14751] Apache Mod_python output filter information disclosure
16583| [14125] Apache HTTP Server mod_userdir module information disclosure
16584| [14075] Apache HTTP Server mod_php file descriptor leak
16585| [13703] Apache HTTP Server account
16586| [13689] Apache HTTP Server configuration allows symlinks
16587| [13688] Apache HTTP Server configuration allows SSI
16588| [13687] Apache HTTP Server Server: header value
16589| [13685] Apache HTTP Server ServerTokens value
16590| [13684] Apache HTTP Server ServerSignature value
16591| [13672] Apache HTTP Server config allows directory autoindexing
16592| [13671] Apache HTTP Server default content
16593| [13670] Apache HTTP Server config file directive references outside content root
16594| [13668] Apache HTTP Server httpd not running in chroot environment
16595| [13666] Apache HTTP Server CGI directory contains possible command interpreter or compiler
16596| [13664] Apache HTTP Server config file contains ScriptAlias entry
16597| [13663] Apache HTTP Server CGI support modules loaded
16598| [13661] Apache HTTP Server config file contains AddHandler entry
16599| [13660] Apache HTTP Server 500 error page not CGI script
16600| [13659] Apache HTTP Server 413 error page not CGI script
16601| [13658] Apache HTTP Server 403 error page not CGI script
16602| [13657] Apache HTTP Server 401 error page not CGI script
16603| [13552] Apache HTTP Server mod_cgid module information disclosure
16604| [13550] Apache GET request directory traversal
16605| [13516] Apache Cocoon XMLForm and JXForm could allow execution of code
16606| [13499] Apache Cocoon directory traversal allows downloading of boot.ini file
16607| [13429] Apache Tomcat non-HTTP request denial of service
16608| [13400] Apache HTTP server mod_alias and mod_rewrite buffer overflow
16609| [13295] Apache weak password encryption
16610| [13254] Apache Tomcat .jsp cross-site scripting
16611| [13125] Apache::Gallery Inline::C could allow arbitrary code execution
16612| [13086] Apache Jakarta Tomcat mod_jk format string allows remote access
16613| [12681] Apache HTTP Server mod_proxy could allow mail relaying
16614| [12662] Apache HTTP Server rotatelogs denial of service
16615| [12554] Apache Tomcat stores password in plain text
16616| [12553] Apache HTTP Server redirects and subrequests denial of service
16617| [12552] Apache HTTP Server FTP proxy server denial of service
16618| [12551] Apache HTTP Server prefork MPM denial of service
16619| [12550] Apache HTTP Server weaker than expected encryption
16620| [12549] Apache HTTP Server type-map file denial of service
16621| [12206] Apache Tomcat /opt/tomcat directory insecure permissions
16622| [12102] Apache Jakarta Tomcat MS-DOS device name request denial of service
16623| [12091] Apache HTTP Server apr_password_validate denial of service
16624| [12090] Apache HTTP Server apr_psprintf code execution
16625| [11804] Apache HTTP Server mod_access_referer denial of service
16626| [11750] Apache HTTP Server could leak sensitive file descriptors
16627| [11730] Apache HTTP Server error log and access log terminal escape sequence injection
16628| [11703] Apache long slash path allows directory listing
16629| [11695] Apache HTTP Server LF (Line Feed) denial of service
16630| [11694] Apache HTTP Server filestat.c denial of service
16631| [11438] Apache HTTP Server MIME message boundaries information disclosure
16632| [11412] Apache HTTP Server error log terminal escape sequence injection
16633| [11196] Apache Tomcat examples and ROOT Web applications cross-site scripting
16634| [11195] Apache Tomcat web.xml could be used to read files
16635| [11194] Apache Tomcat URL appended with a null character could list directories
16636| [11139] Apache HTTP Server mass virtual hosting with mod_rewrite or mod_vhost_alias could allow an attacker to obtain files
16637| [11126] Apache HTTP Server illegal character file disclosure
16638| [11125] Apache HTTP Server DOS device name HTTP POST code execution
16639| [11124] Apache HTTP Server DOS device name denial of service
16640| [11088] Apache HTTP Server mod_vhost_alias CGI source disclosure
16641| [10938] Apache HTTP Server printenv test CGI cross-site scripting
16642| [10771] Apache Tomcat mod_jk module multiple HTTP GET request buffer overflow
16643| [10575] Apache mod_php module could allow an attacker to take over the httpd process
16644| [10499] Apache HTTP Server WebDAV HTTP POST view source
16645| [10457] Apache HTTP Server mod_ssl "
16646| [10415] Apache HTTP Server htdigest insecure system() call could allow command execution
16647| [10414] Apache HTTP Server htdigest multiple buffer overflows
16648| [10413] Apache HTTP Server htdigest temporary file race condition
16649| [10412] Apache HTTP Server htpasswd temporary file race condition
16650| [10376] Apache Tomcat invoker servlet used in conjunction with the default servlet reveals source code
16651| [10348] Apache Tomcat HTTP GET request DOS device reference could cause a denial of service
16652| [10281] Apache HTTP Server ab.c ApacheBench long response buffer overflow
16653| [10280] Apache HTTP Server shared memory scorecard overwrite
16654| [10263] Apache Tomcat mod_jk or mod_jserv connector directory disclosure
16655| [10241] Apache HTTP Server Host: header cross-site scripting
16656| [10230] Slapper worm variants A, B, and C target OpenSSL/Apache systems
16657| [10208] Apache HTTP Server mod_dav denial of service
16658| [10206] HP VVOS Apache mod_ssl denial of service
16659| [10200] Apache HTTP Server stderr denial of service
16660| [10175] Apache Tomcat org.apache.catalina.servlets.DefaultServlet reveals source code
16661| [10169] Slapper worm variant (Slapper.C) targets OpenSSL/Apache systems
16662| [10154] Slapper worm variant (Slapper.B) targets OpenSSL/Apache systems
16663| [10098] Slapper worm targets OpenSSL/Apache systems
16664| [9876] Apache HTTP Server cgi/cgid request could disclose the path to a requested script
16665| [9875] Apache HTTP Server .var file request could disclose installation path
16666| [9863] Apache Tomcat web.xml file could allow a remote attacker to bypass restrictions
16667| [9808] Apache HTTP Server non-Unix version URL encoded directory traversal
16668| [9623] Apache HTTP Server ap_log_rerror() path disclosure
16669| [9520] Apache Tomcat /servlet/ mapping cross-site scripting
16670| [9415] Apache HTTP Server mod_ssl .htaccess off-by-one buffer overflow
16671| [9396] Apache Tomcat null character to threads denial of service
16672| [9394] Apache Tomcat HTTP request for LPT9 reveals Web root path
16673| [9249] Apache HTTP Server chunked encoding heap buffer overflow
16674| [9208] Apache Tomcat sample file requests could reveal directory listing and path to Web root directory
16675| [8932] Apache Tomcat example class information disclosure
16676| [8633] Apache HTTP Server with mod_rewrite could allow an attacker to bypass directives
16677| [8629] Apache HTTP Server double-reverse DNS lookup spoofing
16678| [8589] Apache HTTP Server for Windows DOS batch file remote command execution
16679| [8457] Oracle9i Application Server Apache PL/SQL HTTP Location header buffer overflow
16680| [8455] Oracle9i Application Server default installation could allow an attacker to access certain Apache Services
16681| [8400] Apache HTTP Server mod_frontpage buffer overflows
16682| [8326] Apache HTTP Server multiple MIME headers (sioux) denial of service
16683| [8308] Apache "
16684| [8275] Apache HTTP Server with Multiviews enabled could disclose directory contents
16685| [8119] Apache and PHP OPTIONS request reveals "
16686| [8054] Apache is running on the system
16687| [8029] Mandrake Linux default Apache configuration could allow an attacker to browse files and directories
16688| [8027] Mandrake Linux default Apache configuration has remote management interface enabled
16689| [8026] Mandrake Linux Apache sample programs could disclose sensitive information about the server
16690| [7836] Apache HTTP Server log directory denial of service
16691| [7815] Apache for Windows "
16692| [7810] Apache HTTP request could result in unexpected behavior
16693| [7599] Apache Tomcat reveals installation path
16694| [7494] Apache "
16695| [7419] Apache Web Server could allow remote attackers to overwrite .log files
16696| [7363] Apache Web Server hidden HTTP requests
16697| [7249] Apache mod_proxy denial of service
16698| [7129] Linux with Apache Web server could allow an attacker to determine if a specified username exists
16699| [7103] Apple Mac OS X used with Apache Web server could disclose directory contents
16700| [7059] Apache "
16701| [7057] Apache "
16702| [7056] Apache "
16703| [7055] Apache "
16704| [7054] Apache "
16705| [6997] Apache Jakarta Tomcat error message may reveal information
16706| [6971] Apache Jakarta Tomcat may reveal JSP source code with missing HTTP protocol specification
16707| [6970] Apache crafted HTTP request could reveal the internal IP address
16708| [6921] Apache long slash path allows directory listing
16709| [6687] Apple Mac OS X used with Apache Web server could allow arbitrary file disclosure
16710| [6527] Apache Web Server for Windows and OS2 denial of service
16711| [6316] Apache Jakarta Tomcat may reveal JSP source code
16712| [6305] Apache Jakarta Tomcat directory traversal
16713| [5926] Linux Apache symbolic link
16714| [5659] Apache Web server discloses files when used with php script
16715| [5310] Apache mod_rewrite allows attacker to view arbitrary files
16716| [5204] Apache WebDAV directory listings
16717| [5197] Apache Web server reveals CGI script source code
16718| [5160] Apache Jakarta Tomcat default installation
16719| [5099] Trustix Secure Linux installs Apache with world writable access
16720| [4968] Apache Jakarta Tomcat snoop servlet gives out information which could be used in attack
16721| [4967] Apache Jakarta Tomcat 404 error reveals the pathname of the requested file
16722| [4931] Apache source.asp example file allows users to write to files
16723| [4575] IBM HTTP Server running Apache allows users to directory listing and file retrieval
16724| [4205] Apache Jakarta Tomcat delivers file contents
16725| [2084] Apache on Debian by default serves the /usr/doc directory
16726| [1630] MessageMedia UnityMail and Apache Web server MIME header flood denial of service
16727| [697] Apache HTTP server beck exploit
16728| [331] Apache cookies buffer overflow
16729|
16730| Exploit-DB - https://www.exploit-db.com:
16731| [31130] Apache Tomcat <= 6.0.15 Cookie Quote Handling Remote Information Disclosure Vulnerability
16732| [31052] Apache <= 2.2.6 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
16733| [30901] Apache HTTP Server 2.2.6 Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
16734| [30835] Apache HTTP Server <= 2.2.4 413 Error HTTP Request Method Cross-Site Scripting Weakness
16735| [30563] Apache Tomcat <= 5.5.15 Cal2.JSP Cross-Site Scripting Vulnerability
16736| [30496] Apache Tomcat <= 6.0.13 Cookie Handling Quote Delimiter Session ID Disclosure
16737| [30495] Apache Tomcat <= 6.0.13 Host Manager Servlet Cross Site Scripting Vulnerability
16738| [30191] Apache MyFaces Tomahawk JSF Framework 1.1.5 Autoscroll Parameter Cross Site Scripting Vulnerability
16739| [30189] Apache Tomcat <= 6.0.13 JSP Example Web Applications Cross Site Scripting Vulnerability
16740| [30052] Apache Tomcat 6.0.10 Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
16741| [29930] Apache AXIS 1.0 Non-Existent WSDL Path Information Disclosure Vulnerability
16742| [29859] Apache Roller OGNL Injection
16743| [29739] Apache HTTP Server Tomcat 5.x/6.0.x Directory Traversal Vulnerability
16744| [29435] Apache Tomcat 5.5.25 - CSRF Vulnerabilities
16745| [29316] Apache + PHP 5.x - Remote Code Execution (Multithreaded Scanner) (2)
16746| [29290] Apache / PHP 5.x Remote Code Execution Exploit
16747| [28713] Apache Tomcat/JBoss EJBInvokerServlet / JMXInvokerServlet (RMI over HTTP) Marshalled Object RCE
16748| [28424] Apache 2.x HTTP Server Arbitrary HTTP Request Headers Security Weakness
16749| [28365] Apache 2.2.2 CGI Script Source Code Information Disclosure Vulnerability
16750| [28254] Apache Tomcat 5 Information Disclosure Vulnerability
16751| [27915] Apache James 2.2 SMTP Denial of Service Vulnerability
16752| [27397] Apache suEXEC Privilege Elevation / Information Disclosure
16753| [27135] Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution
16754| [27096] Apache Geronimo 1.0 Error Page XSS
16755| [27095] Apache Tomcat / Geronimo 1.0 Sample Script cal2.jsp time Parameter XSS
16756| [26710] Apache CXF prior to 2.5.10, 2.6.7 and 2.7.4 - Denial of Service
16757| [26542] Apache Struts 1.2.7 Error Response Cross-Site Scripting Vulnerability
16758| [25986] Plesk Apache Zeroday Remote Exploit
16759| [25980] Apache Struts includeParams Remote Code Execution
16760| [25625] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (2)
16761| [25624] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (1)
16762| [24874] Apache Struts ParametersInterceptor Remote Code Execution
16763| [24744] Apache Rave 0.11 - 0.20 - User Information Disclosure
16764| [24694] Apache 1.3.x mod_include Local Buffer Overflow Vulnerability
16765| [24590] Apache 2.0.x mod_ssl Remote Denial of Service Vulnerability
16766| [23751] Apache Cygwin 1.3.x/2.0.x Directory Traversal Vulnerability
16767| [23581] Apache 2.0.4x mod_perl Module File Descriptor Leakage Vulnerability
16768| [23482] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (2)
16769| [23481] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (1)
16770| [23296] Red Hat Apache 2.0.40 Directory Index Default Configuration Error
16771| [23282] apache cocoon 2.14/2.2 - Directory Traversal vulnerability
16772| [23245] Apache Tomcat 4.0.x Non-HTTP Request Denial of Service Vulnerability
16773| [23119] Apache::Gallery 0.4/0.5/0.6 Insecure Local File Storage Privilege Escalation Vulnerability
16774| [22505] Apache Mod_Access_Referer 1.0.2 NULL Pointer Dereference Denial of Service Vulnerability
16775| [22205] Apache Tomcat 3.x Null Byte Directory/File Disclosure Vulnerability
16776| [22191] Apache Web Server 2.0.x MS-DOS Device Name Denial of Service Vulnerability
16777| [22068] Apache 1.3.x,Tomcat 4.0.x/4.1.x Mod_JK Chunked Encoding Denial of Service Vulnerability
16778| [21885] Apache 1.3/2.0.x Server Side Include Cross Site Scripting Vulnerability
16779| [21882] Apache Tomcat 3.2 Directory Disclosure Vulnerability
16780| [21854] Apache 2.0.39/40 Oversized STDERR Buffer Denial of Service Vulnerability
16781| [21853] Apache Tomcat 3/4 DefaultServlet File Disclosure Vulnerability
16782| [21734] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
16783| [21719] Apache 2.0 Path Disclosure Vulnerability
16784| [21697] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
16785| [21605] Apache Tomcat 4.0.3 DoS Device Name Cross Site Scripting Vulnerability
16786| [21604] Apache Tomcat 4.0.3 Servlet Mapping Cross Site Scripting Vulnerability
16787| [21560] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (2)
16788| [21559] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (1)
16789| [21534] Apache Tomcat 3/4 JSP Engine Denial of Service Vulnerability
16790| [21492] Apache Tomcat 3.2.3/3.2.4 RealPath.JSP Malformed Request Information Disclosure
16791| [21491] Apache Tomcat 3.2.3/3.2.4 Example Files Web Root Path Disclosure
16792| [21490] Apache Tomcat 3.2.3/3.2.4 Source.JSP Malformed Request Information Disclosure
16793| [21412] Apache Tomcat 4.0/4.1 Servlet Path Disclosure Vulnerability
16794| [21350] Apache Win32 1.3.x/2.0.x Batch File Remote Command Execution Vulnerability
16795| [21204] Apache 1.3.20 Win32 PHP.EXE Remote File Disclosure Vulnerability
16796| [21112] Red Hat Linux 7.0 Apache Remote Username Enumeration Vulnerability
16797| [21067] Apache 1.0/1.2/1.3 Server Address Disclosure Vulnerability
16798| [21002] Apache 1.3 Possible Directory Index Disclosure Vulnerability
16799| [20911] Apache 1.3.14 Mac File Protection Bypass Vulnerability
16800| [20716] apache tomcat 3.0 - Directory Traversal vulnerability
16801| [20695] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (4)
16802| [20694] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (3)
16803| [20693] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (2)
16804| [20692] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (1)
16805| [20595] NCSA 1.3/1.4.x/1.5,Apache httpd 0.8.11/0.8.14 ScriptAlias Source Retrieval Vulnerability
16806| [20558] Apache 1.2 Web Server DoS Vulnerability
16807| [20466] Apache 1.3 Web Server with Php 3 File Disclosure Vulnerability
16808| [20435] Apache 0.8.x/1.0.x,NCSA httpd 1.x test-cgi Directory Listing Vulnerability
16809| [20272] Apache 1.2.5/1.3.1,UnityMail 2.0 MIME Header DoS Vulnerability
16810| [20210] Apache 1.3.12 WebDAV Directory Listings Vulnerability
16811| [20131] Apache Tomcat 3.1 Path Revealing Vulnerability
16812| [19975] Apache 1.3.6/1.3.9/1.3.11/1.3.12/1.3.20 Root Directory Access Vulnerability
16813| [19828] Cobalt RaQ 2.0/3.0 Apache .htaccess Disclosure Vulnerability
16814| [19536] Apache <= 1.1,NCSA httpd <= 1.5.2,Netscape Server 1.12/1.1/2.0 a nph-test-cgi Vulnerability
16815| [19231] PHP apache_request_headers Function Buffer Overflow
16816| [18984] Apache Struts <= 2.2.1.1 - Remote Command Execution
16817| [18897] Oracle Weblogic Apache Connector POST Request Buffer Overflow
16818| [18619] Apache Tomcat Remote Exploit (PUT Request) and Account Scanner
16819| [18452] Apache Struts Multiple Persistent Cross-Site Scripting Vulnerabilities
16820| [18442] Apache httpOnly Cookie Disclosure
16821| [18329] Apache Struts2 <= 2.3.1 - Multiple Vulnerabilities
16822| [18221] Apache HTTP Server Denial of Service
16823| [17969] Apache mod_proxy Reverse Proxy Exposure Vulnerability PoC
16824| [17696] Apache httpd Remote Denial of Service (memory exhaustion)
16825| [17691] Apache Struts < 2.2.0 - Remote Command Execution
16826| [16798] Apache mod_jk 1.2.20 Buffer Overflow
16827| [16782] Apache Win32 Chunked Encoding
16828| [16752] Apache module mod_rewrite LDAP protocol Buffer Overflow
16829| [16317] Apache Tomcat Manager Application Deployer Authenticated Code Execution
16830| [15710] Apache Archiva 1.0 - 1.3.1 CSRF Vulnerability
16831| [15319] Apache 2.2 (Windows) Local Denial of Service
16832| [14617] Apache JackRabbit 2.0.0 webapp XPath Injection
16833| [14489] Apache Tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
16834| [12721] Apache Axis2 1.4.1 - Local File Inclusion Vulnerability
16835| [12689] Authenticated Cross-Site Scripting Vulnerability (XSS) within Apache Axis2 administration console
16836| [12343] Apache Tomcat 5.5.0 to 5.5.29 & 6.0.0 to 6.0.26 - Information Disclosure Vulnerability
16837| [12330] Apache OFBiz - Multiple XSS
16838| [12264] Apache OFBiz - FULLADMIN Creator PoC Payload
16839| [12263] Apache OFBiz - SQL Remote Execution PoC Payload
16840| [11662] Apache Spamassassin Milter Plugin Remote Root Command Execution
16841| [11650] Apache 2.2.14 mod_isapi Dangling Pointer Remote SYSTEM Exploit
16842| [10811] Joomla.Tutorials GHDB: Apache directory listing Download Vulnerability
16843| [10292] Apache Tomcat 3.2.1 - 404 Error Page Cross Site Scripting Vulnerability
16844| [9995] Apache Tomcat Form Authentication Username Enumeration Weakness
16845| [9994] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
16846| [9993] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
16847| [8842] Apache mod_dav / svn Remote Denial of Service Exploit
16848| [8458] Apache Geronimo <= 2.1.3 - Multiple Directory Traversal Vulnerabilities
16849| [7264] Apache Tomcat runtime.getRuntime().exec() Privilege Escalation (win)
16850| [6229] apache tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
16851| [6100] Apache mod_jk 1.2.19 Remote Buffer Overflow Exploit (win32)
16852| [6089] Bea Weblogic Apache Connector Code Exec / Denial of Service Exploit
16853| [5386] Apache Tomcat Connector jk2-2.0.2 (mod_jk2) Remote Overflow Exploit
16854| [5330] Apache 2.0 mod_jk2 2.0.2 - Remote Buffer Overflow Exploit (win32)
16855| [4552] Apache Tomcat (webdav) Remote File Disclosure Exploit (ssl support)
16856| [4530] Apache Tomcat (webdav) Remote File Disclosure Exploit
16857| [4162] Apache Tomcat Connector (mod_jk) Remote Exploit (exec-shield)
16858| [4093] Apache mod_jk 1.2.19/1.2.20 Remote Buffer Overflow Exploit
16859| [3996] Apache 2.0.58 mod_rewrite Remote Overflow Exploit (win2k3)
16860| [3680] Apache Mod_Rewrite Off-by-one Remote Overflow Exploit (win32)
16861| [3384] Ubuntu/Debian Apache 1.3.33/1.3.34 (CGI TTY) Local Root Exploit
16862| [2237] Apache < 1.3.37, 2.0.59, 2.2.3 (mod_rewrite) Remote Overflow PoC
16863| [2061] Apache Tomcat < 5.5.17 Remote Directory Listing Vulnerability
16864| [1056] Apache <= 2.0.49 Arbitrary Long HTTP Headers Denial of Service
16865| [855] Apache <= 2.0.52 HTTP GET request Denial of Service Exploit
16866| [764] Apache OpenSSL - Remote Exploit (Multiple Targets) (OpenFuckV2.c)
16867| [587] Apache <= 1.3.31 mod_include Local Buffer Overflow Exploit
16868| [466] htpasswd Apache 1.3.31 - Local Exploit
16869| [371] Apache HTTPd Arbitrary Long HTTP Headers DoS (c version)
16870| [360] Apache HTTPd Arbitrary Long HTTP Headers DoS
16871| [132] Apache 1.3.x - 2.0.48 - mod_userdir Remote Users Disclosure Exploit
16872| [126] Apache mod_gzip (with debug_mode) <= 1.2.26.1a Remote Exploit
16873| [67] Apache 1.3.x mod_mylo Remote Code Execution Exploit
16874| [38] Apache <= 2.0.45 APR Remote Exploit -Apache-Knacker.pl
16875| [34] Webfroot Shoutbox < 2.32 (Apache) Remote Exploit
16876| [11] Apache <= 2.0.44 Linux Remote Denial of Service Exploit
16877| [9] Apache HTTP Server 2.x Memory Leak Exploit
16878|
16879| OpenVAS (Nessus) - http://www.openvas.org:
16880| [902924] Apache Struts2 Showcase Skill Name Remote Code Execution Vulnerability
16881| [902837] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability (Windows)
16882| [902830] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
16883| [902664] Apache Traffic Server HTTP Host Header Denial of Service Vulnerability
16884| [901203] Apache httpd Web Server Range Header Denial of Service Vulnerability
16885| [901110] Apache ActiveMQ Source Code Information Disclosure Vulnerability
16886| [901105] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
16887| [900842] Apache 'mod_proxy_ftp' Module Command Injection Vulnerability (Linux)
16888| [900841] Apache 'mod_proxy_ftp' Module Denial Of Service Vulnerability (Linux)
16889| [900573] Apache APR-Utils XML Parser Denial of Service Vulnerability
16890| [900572] Apache APR-Utils Multiple Denial of Service Vulnerabilities
16891| [900571] Apache APR-Utils Version Detection
16892| [900499] Apache mod_proxy_ajp Information Disclosure Vulnerability
16893| [900496] Apache Tiles Multiple XSS Vulnerability
16894| [900493] Apache Tiles Version Detection
16895| [900107] Apache mod_proxy_ftp Wildcard Characters XSS Vulnerability
16896| [900021] Apache Tomcat Cross-Site Scripting and Security Bypass Vulnerabilities
16897| [880086] CentOS Update for apache CESA-2008:0004-01 centos2 i386
16898| [870175] RedHat Update for apache RHSA-2008:0004-01
16899| [864591] Fedora Update for apache-poi FEDORA-2012-10835
16900| [864383] Fedora Update for apache-commons-compress FEDORA-2012-8428
16901| [864280] Fedora Update for apache-commons-compress FEDORA-2012-8465
16902| [864250] Fedora Update for apache-poi FEDORA-2012-7683
16903| [864249] Fedora Update for apache-poi FEDORA-2012-7686
16904| [863993] Fedora Update for apache-commons-daemon FEDORA-2011-10880
16905| [863466] Fedora Update for apache-commons-daemon FEDORA-2011-10936
16906| [855821] Solaris Update for Apache 1.3 122912-19
16907| [855812] Solaris Update for Apache 1.3 122911-19
16908| [855737] Solaris Update for Apache 1.3 122911-17
16909| [855731] Solaris Update for Apache 1.3 122912-17
16910| [855695] Solaris Update for Apache 1.3 122911-16
16911| [855645] Solaris Update for Apache 1.3 122912-16
16912| [855587] Solaris Update for kernel update and Apache 108529-29
16913| [855566] Solaris Update for Apache 116973-07
16914| [855531] Solaris Update for Apache 116974-07
16915| [855524] Solaris Update for Apache 2 120544-14
16916| [855494] Solaris Update for Apache 1.3 122911-15
16917| [855478] Solaris Update for Apache Security 114145-11
16918| [855472] Solaris Update for Apache Security 113146-12
16919| [855179] Solaris Update for Apache 1.3 122912-15
16920| [855147] Solaris Update for kernel update and Apache 108528-29
16921| [855077] Solaris Update for Apache 2 120543-14
16922| [850196] SuSE Update for apache2 openSUSE-SU-2012:0314-1 (apache2)
16923| [850088] SuSE Update for apache2 SUSE-SA:2007:061
16924| [850009] SuSE Update for apache2,apache SUSE-SA:2008:021
16925| [841209] Ubuntu Update for apache2 USN-1627-1
16926| [840900] Ubuntu Update for apache2 USN-1368-1
16927| [840798] Ubuntu Update for apache2 USN-1259-1
16928| [840734] Ubuntu Update for apache2 USN-1199-1
16929| [840542] Ubuntu Update for apache2 vulnerabilities USN-1021-1
16930| [840504] Ubuntu Update for apache2 vulnerability USN-990-2
16931| [840399] Ubuntu Update for apache2 vulnerabilities USN-908-1
16932| [840304] Ubuntu Update for apache2 vulnerabilities USN-575-1
16933| [840118] Ubuntu Update for libapache2-mod-perl2 vulnerability USN-488-1
16934| [840092] Ubuntu Update for apache2 vulnerabilities USN-499-1
16935| [840039] Ubuntu Update for libapache2-mod-python vulnerability USN-430-1
16936| [835253] HP-UX Update for Apache Web Server HPSBUX02645
16937| [835247] HP-UX Update for Apache-based Web Server HPSBUX02612
16938| [835243] HP-UX Update for Apache Running Tomcat Servlet Engine HPSBUX02579
16939| [835236] HP-UX Update for Apache with PHP HPSBUX02543
16940| [835233] HP-UX Update for Apache-based Web Server HPSBUX02531
16941| [835224] HP-UX Update for Apache-based Web Server HPSBUX02465
16942| [835200] HP-UX Update for Apache Web Server Suite HPSBUX02431
16943| [835190] HP-UX Update for Apache Web Server Suite HPSBUX02401
16944| [835188] HP-UX Update for Apache HPSBUX02308
16945| [835181] HP-UX Update for Apache With PHP HPSBUX02332
16946| [835180] HP-UX Update for Apache with PHP HPSBUX02342
16947| [835172] HP-UX Update for Apache HPSBUX02365
16948| [835168] HP-UX Update for Apache HPSBUX02313
16949| [835148] HP-UX Update for Apache HPSBUX01064
16950| [835139] HP-UX Update for Apache with PHP HPSBUX01090
16951| [835131] HP-UX Update for Apache HPSBUX00256
16952| [835119] HP-UX Update for Apache Remote Execution of Arbitrary Code HPSBUX02186
16953| [835104] HP-UX Update for Apache HPSBUX00224
16954| [835103] HP-UX Update for Apache mod_cgid HPSBUX00301
16955| [835101] HP-UX Update for Apache HPSBUX01232
16956| [835080] HP-UX Update for Apache HPSBUX02273
16957| [835078] HP-UX Update for ApacheStrong HPSBUX00255
16958| [835044] HP-UX Update for Apache HPSBUX01019
16959| [835040] HP-UX Update for Apache PHP HPSBUX00207
16960| [835025] HP-UX Update for Apache HPSBUX00197
16961| [835023] HP-UX Update for Apache HPSBUX01022
16962| [835022] HP-UX Update for Apache HPSBUX02292
16963| [835005] HP-UX Update for Apache HPSBUX02262
16964| [831759] Mandriva Update for apache-mod_security MDVSA-2012:182 (apache-mod_security)
16965| [831737] Mandriva Update for apache MDVSA-2012:154-1 (apache)
16966| [831534] Mandriva Update for apache MDVSA-2012:012 (apache)
16967| [831523] Mandriva Update for apache MDVSA-2012:003 (apache)
16968| [831491] Mandriva Update for apache MDVSA-2011:168 (apache)
16969| [831460] Mandriva Update for apache MDVSA-2011:144 (apache)
16970| [831449] Mandriva Update for apache MDVSA-2011:130 (apache)
16971| [831357] Mandriva Update for apache MDVSA-2011:057 (apache)
16972| [831132] Mandriva Update for apache MDVSA-2010:153 (apache)
16973| [831131] Mandriva Update for apache MDVSA-2010:152 (apache)
16974| [830989] Mandriva Update for apache-mod_auth_shadow MDVSA-2010:081 (apache-mod_auth_shadow)
16975| [830931] Mandriva Update for apache MDVSA-2010:057 (apache)
16976| [830926] Mandriva Update for apache MDVSA-2010:053 (apache)
16977| [830918] Mandriva Update for apache-mod_security MDVSA-2010:050 (apache-mod_security)
16978| [830799] Mandriva Update for apache-conf MDVSA-2009:300-2 (apache-conf)
16979| [830797] Mandriva Update for apache-conf MDVSA-2009:300-1 (apache-conf)
16980| [830791] Mandriva Update for apache-conf MDVA-2010:011 (apache-conf)
16981| [830652] Mandriva Update for apache MDVSA-2008:195 (apache)
16982| [830621] Mandriva Update for apache-conf MDVA-2008:129 (apache-conf)
16983| [830581] Mandriva Update for apache MDVSA-2008:016 (apache)
16984| [830294] Mandriva Update for apache MDKSA-2007:140 (apache)
16985| [830196] Mandriva Update for apache MDKSA-2007:235 (apache)
16986| [830112] Mandriva Update for apache MDKSA-2007:127 (apache)
16987| [830109] Mandriva Update for apache-mod_perl MDKSA-2007:083 (apache-mod_perl)
16988| [802425] Apache Struts2 Showcase Arbitrary Java Method Execution vulnerability
16989| [802423] Apache Struts CookBook/Examples Multiple Cross-Site Scripting Vulnerabilities
16990| [802422] Apache Struts Showcase Multiple Persistence Cross-Site Scripting Vulnerabilities
16991| [802415] Apache Tomcat Multiple Security Bypass Vulnerabilities (Win)
16992| [802385] Apache Tomcat Request Object Security Bypass Vulnerability (Win)
16993| [802384] Apache Tomcat Parameter Handling Denial of Service Vulnerability (Win)
16994| [802378] Apache Tomcat Hash Collision Denial Of Service Vulnerability
16995| [801942] Apache Archiva Multiple Vulnerabilities
16996| [801940] Apache Struts2 'XWork' Information Disclosure Vulnerability
16997| [801663] Apache Struts2/XWork Remote Command Execution Vulnerability
16998| [801521] Apache APR-util 'buckets/apr_brigade.c' Denial Of Service Vulnerability
16999| [801284] Apache Derby Information Disclosure Vulnerability
17000| [801203] Apache ActiveMQ Persistent Cross-Site Scripting Vulnerability
17001| [800837] Apache 'mod_deflate' Denial Of Service Vulnerability - July09
17002| [800827] Apache 'mod_proxy_http.c' Denial Of Service Vulnerability
17003| [800680] Apache APR Version Detection
17004| [800679] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
17005| [800678] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
17006| [800677] Apache Roller Version Detection
17007| [800279] Apache mod_jk Module Version Detection
17008| [800278] Apache Struts Cross Site Scripting Vulnerability
17009| [800277] Apache Tomcat mod_jk Information Disclosure Vulnerability
17010| [800276] Apache Struts Version Detection
17011| [800271] Apache Struts Directory Traversal Vulnerability
17012| [800024] Apache Tomcat RemoteFilterValve Security Bypass Vulnerability
17013| [103333] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
17014| [103293] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
17015| [103122] Apache Web Server ETag Header Information Disclosure Weakness
17016| [103074] Apache Continuum Cross Site Scripting Vulnerability
17017| [103073] Apache Continuum Detection
17018| [103053] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
17019| [101023] Apache Open For Business Weak Password security check
17020| [101020] Apache Open For Business HTML injection vulnerability
17021| [101019] Apache Open For Business service detection
17022| [100924] Apache Archiva Cross Site Request Forgery Vulnerability
17023| [100923] Apache Archiva Detection
17024| [100858] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
17025| [100814] Apache Axis2 Document Type Declaration Processing Security Vulnerability
17026| [100813] Apache Axis2 Detection
17027| [100797] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
17028| [100795] Apache Derby Detection
17029| [100762] Apache CouchDB Cross Site Request Forgery Vulnerability
17030| [100725] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
17031| [100613] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
17032| [100514] Apache Multiple Security Vulnerabilities
17033| [100211] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
17034| [100172] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
17035| [100171] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
17036| [100130] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
17037| [72626] Debian Security Advisory DSA 2579-1 (apache2)
17038| [72612] FreeBSD Ports: apache22
17039| [71551] Gentoo Security Advisory GLSA 201206-25 (apache)
17040| [71550] Gentoo Security Advisory GLSA 201206-24 (apache tomcat)
17041| [71512] FreeBSD Ports: apache
17042| [71485] Debian Security Advisory DSA 2506-1 (libapache-mod-security)
17043| [71256] Debian Security Advisory DSA 2452-1 (apache2)
17044| [71238] Debian Security Advisory DSA 2436-1 (libapache2-mod-fcgid)
17045| [70737] FreeBSD Ports: apache
17046| [70724] Debian Security Advisory DSA 2405-1 (apache2)
17047| [70600] FreeBSD Ports: apache
17048| [70253] FreeBSD Ports: apache, apache-event, apache-itk, apache-peruser, apache-worker
17049| [70235] Debian Security Advisory DSA 2298-2 (apache2)
17050| [70233] Debian Security Advisory DSA 2298-1 (apache2)
17051| [69988] Debian Security Advisory DSA 2279-1 (libapache2-mod-authnz-external)
17052| [69338] Debian Security Advisory DSA 2202-1 (apache2)
17053| [67868] FreeBSD Ports: apache
17054| [66816] FreeBSD Ports: apache
17055| [66553] Mandriva Security Advisory MDVSA-2009:189-1 (apache-mod_auth_mysql)
17056| [66414] Mandriva Security Advisory MDVSA-2009:323 (apache)
17057| [66106] SuSE Security Advisory SUSE-SA:2009:050 (apache2,libapr1)
17058| [66081] SLES11: Security update for Apache 2
17059| [66074] SLES10: Security update for Apache 2
17060| [66070] SLES9: Security update for Apache 2
17061| [65998] SLES10: Security update for apache2-mod_python
17062| [65893] SLES10: Security update for Apache 2
17063| [65888] SLES10: Security update for Apache 2
17064| [65575] SLES9: Security update for apache2,apache2-prefork,apache2-worker
17065| [65510] SLES9: Security update for Apache 2
17066| [65472] SLES9: Security update for Apache
17067| [65467] SLES9: Security update for Apache
17068| [65450] SLES9: Security update for apache2
17069| [65390] SLES9: Security update for Apache2
17070| [65363] SLES9: Security update for Apache2
17071| [65309] SLES9: Security update for Apache and mod_ssl
17072| [65296] SLES9: Security update for webdav apache module
17073| [65283] SLES9: Security update for Apache2
17074| [65249] SLES9: Security update for Apache 2
17075| [65230] SLES9: Security update for Apache 2
17076| [65228] SLES9: Security update for Apache 2
17077| [65212] SLES9: Security update for apache2-mod_python
17078| [65209] SLES9: Security update for apache2-worker
17079| [65207] SLES9: Security update for Apache 2
17080| [65168] SLES9: Security update for apache2-mod_python
17081| [65142] SLES9: Security update for Apache2
17082| [65136] SLES9: Security update for Apache 2
17083| [65132] SLES9: Security update for apache
17084| [65131] SLES9: Security update for Apache 2 oes/CORE
17085| [65113] SLES9: Security update for apache2
17086| [65072] SLES9: Security update for apache and mod_ssl
17087| [65017] SLES9: Security update for Apache 2
17088| [64950] Mandrake Security Advisory MDVSA-2009:240 (apache)
17089| [64783] FreeBSD Ports: apache
17090| [64774] Ubuntu USN-802-2 (apache2)
17091| [64653] Ubuntu USN-813-2 (apache2)
17092| [64559] Debian Security Advisory DSA 1834-2 (apache2)
17093| [64532] Mandrake Security Advisory MDVSA-2009:189 (apache-mod_auth_mysql)
17094| [64527] Mandrake Security Advisory MDVSA-2009:184 (apache-mod_security)
17095| [64526] Mandrake Security Advisory MDVSA-2009:183 (apache-mod_security)
17096| [64500] Mandrake Security Advisory MDVSA-2009:168 (apache)
17097| [64443] Ubuntu USN-802-1 (apache2)
17098| [64426] Gentoo Security Advisory GLSA 200907-04 (apache)
17099| [64423] Debian Security Advisory DSA 1834-1 (apache2)
17100| [64391] Mandrake Security Advisory MDVSA-2009:149 (apache)
17101| [64377] Mandrake Security Advisory MDVSA-2009:124-1 (apache)
17102| [64251] Debian Security Advisory DSA 1816-1 (apache2)
17103| [64201] Ubuntu USN-787-1 (apache2)
17104| [64140] Mandrake Security Advisory MDVSA-2009:124 (apache)
17105| [64136] Mandrake Security Advisory MDVSA-2009:102 (apache)
17106| [63565] FreeBSD Ports: apache
17107| [63562] Ubuntu USN-731-1 (apache2)
17108| [61381] Gentoo Security Advisory GLSA 200807-06 (apache)
17109| [61185] FreeBSD Ports: apache
17110| [60582] Gentoo Security Advisory GLSA 200803-19 (apache)
17111| [60387] Slackware Advisory SSA:2008-045-02 apache
17112| [58826] FreeBSD Ports: apache-tomcat
17113| [58825] FreeBSD Ports: apache-tomcat
17114| [58804] FreeBSD Ports: apache
17115| [58745] Gentoo Security Advisory GLSA 200711-06 (apache)
17116| [58360] Debian Security Advisory DSA 1312-1 (libapache-mod-jk)
17117| [57851] Gentoo Security Advisory GLSA 200608-01 (apache)
17118| [57788] Debian Security Advisory DSA 1247-1 (libapache-mod-auth-kerb)
17119| [57335] Debian Security Advisory DSA 1167-1 (apache)
17120| [57201] Debian Security Advisory DSA 1131-1 (apache)
17121| [57200] Debian Security Advisory DSA 1132-1 (apache2)
17122| [57168] Slackware Advisory SSA:2006-209-01 Apache httpd
17123| [57145] FreeBSD Ports: apache
17124| [56731] Slackware Advisory SSA:2006-129-01 Apache httpd
17125| [56729] Slackware Advisory SSA:2006-130-01 Apache httpd redux
17126| [56246] Gentoo Security Advisory GLSA 200602-03 (Apache)
17127| [56212] Debian Security Advisory DSA 952-1 (libapache-auth-ldap)
17128| [56115] Debian Security Advisory DSA 935-1 (libapache2-mod-auth-pgsql)
17129| [56067] FreeBSD Ports: apache
17130| [55803] Slackware Advisory SSA:2005-310-04 apache
17131| [55519] Debian Security Advisory DSA 839-1 (apachetop)
17132| [55392] Gentoo Security Advisory GLSA 200509-12 (Apache)
17133| [55355] FreeBSD Ports: apache
17134| [55284] Debian Security Advisory DSA 807-1 (libapache-mod-ssl)
17135| [55261] Debian Security Advisory DSA 805-1 (apache2)
17136| [55259] Debian Security Advisory DSA 803-1 (apache)
17137| [55129] Gentoo Security Advisory GLSA 200508-15 (apache)
17138| [54739] Gentoo Security Advisory GLSA 200411-18 (apache)
17139| [54724] Gentoo Security Advisory GLSA 200411-03 (apache)
17140| [54712] Gentoo Security Advisory GLSA 200410-21 (apache)
17141| [54689] Gentoo Security Advisory GLSA 200409-33 (net=www/apache)
17142| [54677] Gentoo Security Advisory GLSA 200409-21 (apache)
17143| [54610] Gentoo Security Advisory GLSA 200407-03 (Apache)
17144| [54601] Gentoo Security Advisory GLSA 200406-16 (Apache)
17145| [54590] Gentoo Security Advisory GLSA 200406-05 (Apache)
17146| [54582] Gentoo Security Advisory GLSA 200405-22 (Apache)
17147| [54529] Gentoo Security Advisory GLSA 200403-04 (Apache)
17148| [54499] Gentoo Security Advisory GLSA 200310-04 (Apache)
17149| [54498] Gentoo Security Advisory GLSA 200310-03 (Apache)
17150| [54439] FreeBSD Ports: apache
17151| [53931] Slackware Advisory SSA:2004-133-01 apache
17152| [53903] Slackware Advisory SSA:2004-299-01 apache, mod_ssl, php
17153| [53902] Slackware Advisory SSA:2004-305-01 apache+mod_ssl
17154| [53878] Slackware Advisory SSA:2003-308-01 apache security update
17155| [53851] Debian Security Advisory DSA 135-1 (libapache-mod-ssl)
17156| [53849] Debian Security Advisory DSA 132-1 (apache-ssl)
17157| [53848] Debian Security Advisory DSA 131-1 (apache)
17158| [53784] Debian Security Advisory DSA 021-1 (apache)
17159| [53738] Debian Security Advisory DSA 195-1 (apache-perl)
17160| [53737] Debian Security Advisory DSA 188-1 (apache-ssl)
17161| [53735] Debian Security Advisory DSA 187-1 (apache)
17162| [53703] Debian Security Advisory DSA 532-1 (libapache-mod-ssl)
17163| [53577] Debian Security Advisory DSA 120-1 (libapache-mod-ssl, apache-ssl)
17164| [53568] Debian Security Advisory DSA 067-1 (apache,apache-ssl)
17165| [53519] Debian Security Advisory DSA 689-1 (libapache-mod-python)
17166| [53433] Debian Security Advisory DSA 181-1 (libapache-mod-ssl)
17167| [53282] Debian Security Advisory DSA 594-1 (apache)
17168| [53248] Debian Security Advisory DSA 558-1 (libapache-mod-dav)
17169| [53224] Debian Security Advisory DSA 532-2 (libapache-mod-ssl)
17170| [53215] Debian Security Advisory DSA 525-1 (apache)
17171| [53151] Debian Security Advisory DSA 452-1 (libapache-mod-python)
17172| [52529] FreeBSD Ports: apache+ssl
17173| [52501] FreeBSD Ports: apache
17174| [52461] FreeBSD Ports: apache
17175| [52390] FreeBSD Ports: apache
17176| [52389] FreeBSD Ports: apache
17177| [52388] FreeBSD Ports: apache
17178| [52383] FreeBSD Ports: apache
17179| [52339] FreeBSD Ports: apache+mod_ssl
17180| [52331] FreeBSD Ports: apache
17181| [52329] FreeBSD Ports: ru-apache+mod_ssl
17182| [52314] FreeBSD Ports: apache
17183| [52310] FreeBSD Ports: apache
17184| [15588] Detect Apache HTTPS
17185| [15555] Apache mod_proxy content-length buffer overflow
17186| [15554] Apache mod_include priviledge escalation
17187| [14771] Apache <= 1.3.33 htpasswd local overflow
17188| [14177] Apache mod_access rule bypass
17189| [13644] Apache mod_rootme Backdoor
17190| [12293] Apache Input Header Folding and mod_ssl ssl_io_filter_cleanup DoS Vulnerabilities
17191| [12280] Apache Connection Blocking Denial of Service
17192| [12239] Apache Error Log Escape Sequence Injection
17193| [12123] Apache Tomcat source.jsp malformed request information disclosure
17194| [12085] Apache Tomcat servlet/JSP container default files
17195| [11438] Apache Tomcat Directory Listing and File disclosure
17196| [11204] Apache Tomcat Default Accounts
17197| [11092] Apache 2.0.39 Win32 directory traversal
17198| [11046] Apache Tomcat TroubleShooter Servlet Installed
17199| [11042] Apache Tomcat DOS Device Name XSS
17200| [11041] Apache Tomcat /servlet Cross Site Scripting
17201| [10938] Apache Remote Command Execution via .bat files
17202| [10839] PHP.EXE / Apache Win32 Arbitrary File Reading Vulnerability
17203| [10773] MacOS X Finder reveals contents of Apache Web files
17204| [10766] Apache UserDir Sensitive Information Disclosure
17205| [10756] MacOS X Finder reveals contents of Apache Web directories
17206| [10752] Apache Auth Module SQL Insertion Attack
17207| [10704] Apache Directory Listing
17208| [10678] Apache /server-info accessible
17209| [10677] Apache /server-status accessible
17210| [10440] Check for Apache Multiple / vulnerability
17211|
17212| SecurityTracker - https://www.securitytracker.com:
17213| [1028865] Apache Struts Bugs Permit Remote Code Execution and URL Redirection Attacks
17214| [1028864] Apache Struts Wildcard Matching and Expression Evaluation Bugs Let Remote Users Execute Arbitrary Code
17215| [1028824] Apache mod_dav_svn URI Processing Flaw Lets Remote Users Deny Service
17216| [1028823] Apache Unspecified Flaw in mod_session_dbd Has Unspecified Impact
17217| [1028724] (HP Issues Fix for HP-UX) Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
17218| [1028722] (Red Hat Issues Fix for JBoss) Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
17219| [1028693] (Red Hat Issues Fix) Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
17220| [1028622] Apache Struts 'includeParams' Bugs Permit Remote Command Execution and Cross-Site Scripting Attacks
17221| [1028621] Apache Subversion Bugs Let Remote Authenticated Users Execute Arbitrary Commands and Deny Service
17222| [1028540] Apache mod_rewrite Input Validation Flaw Lets Remote Users Execute Arbitrary Commands
17223| [1028534] Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
17224| [1028533] Apache Tomcat Lack of Chunked Transfer Encoding Extension Size Limit Lets Remote Users Deny Service
17225| [1028532] Apache Tomcat AsyncListeners Bug May Disclose Information from One Request to Another User
17226| [1028515] Apache VCL Input Validation Flaw Lets Remote Authenticated Users Gain Elevated Privileges
17227| [1028457] Apache ActiveMQ Bugs Let Remote Users Conduct Cross-Site Scripting Attacks, Deny Service, and Obtain Potentially Sensitive Information
17228| [1028287] Apache CXF WSS4JInInterceptor Grants Service Access to Remote Users
17229| [1028286] Apache CXF WS-Security UsernameToken Processing Flaw Lets Remote Users Bypass Authentication
17230| [1028252] Apache Commons FileUpload Unsafe Temporary File Lets Local Users Gain Elevated Privileges
17231| [1028207] Apache Input Validation Bugs Permit Cross-Site Scripting Attacks
17232| [1027836] Apache Tomcat Connection Processing Bug Lets Remote Users Deny Service
17233| [1027834] Apache Tomcat Bug Lets Remote Users Bypass Cross-Site Request Forgery Prevention Filter
17234| [1027833] Apache Tomcat Bug Lets Remote Users Bypass Security Constraints
17235| [1027729] Apache Tomcat Header Processing Bug Lets Remote Users Deny Service
17236| [1027728] Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
17237| [1027554] Apache CXF Lets Remote Authenticated Users Execute Unauthorized SOAP Actions
17238| [1027508] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
17239| [1027421] Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
17240| [1027096] Apache Commons Compress BZip2CompressorOutputStream() Sorting Algorithm Lets Remote or Local Users Deny Service
17241| [1026932] Apache LD_LIBRARY_PATH Processing Lets Local Users Gain Elevated Privileges
17242| [1026928] Apache OFBiz Unspecified Flaw Lets Remote Users Execute Arbitrary Code
17243| [1026927] Apache OFBiz Input Validation Flaws Permit Cross-Site Scripting Attacks
17244| [1026847] Apache Traffic Server Host Header Processing Flaw Lets Remote Users Deny Service
17245| [1026846] Apache Wicket Discloses Hidden Application Files to Remote Users
17246| [1026839] Apache Wicket Input Validation Flaw in 'wicket:pageMapName' Parameter Permits Cross-Site Scripting Attacks
17247| [1026616] Apache Bugs Let Remote Users Deny Service and Obtain Cookie Data
17248| [1026575] Apache Struts ParameterInterceptor() Flaw Lets Remote Users Execute Arbitrary Commands
17249| [1026484] Apache Struts Bug Lets Remote Users Overwrite Files and Execute Arbitrary Code
17250| [1026477] Apache Tomcat Hash Table Collision Bug Lets Remote Users Deny Service
17251| [1026402] Apache Struts Conversion Error Lets Remote Users Inject Arbitrary Commands
17252| [1026353] Apache mod_proxy/mod_rewrite Bug Lets Remote Users Access Internal Servers
17253| [1026295] Apache Tomcat Lets Untrusted Web Applications Gain Elevated Privileges
17254| [1026267] Apache .htaccess File Integer Overflow Lets Local Users Execute Arbitrary Code
17255| [1026144] Apache mod_proxy Pattern Matching Bug Lets Remote Users Access Internal Servers
17256| [1026095] Apache Tomcat HTTP DIGEST Authentication Weaknesses Let Remote Users Conduct Bypass Attacks
17257| [1026054] Apache mod_proxy_ajp HTTP Processing Error Lets Remote Users Deny Service
17258| [1025993] Apache Tomcat AJP Protocol Processing Bug Lets Remote Users Bypass Authentication or Obtain Information
17259| [1025976] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
17260| [1025960] Apache httpd Byterange Filter Processing Error Lets Remote Users Deny Service
17261| [1025925] Apache Tomcat Commons Daemon jsvc Lets Local Users Gain Elevated Privileges
17262| [1025924] Apache Tomcat XML Validation Flaw Lets Applications Obtain Potentially Sensitive Information
17263| [1025788] Apache Tomcat Lets Malicious Applications Obtain Information and Deny Service
17264| [1025755] Apache Santuario Buffer Overflow Lets Remote Users Deny Service
17265| [1025712] Apache Tomcat Discloses Passwords to Local Users in Certain Cases
17266| [1025577] Apache Archiva Input Validation Hole Permits Cross-Site Scripting Attacks
17267| [1025576] Apache Archiva Request Validation Flaw Permits Cross-Site Request Forgery Attacks
17268| [1025527] Apache APR Library apr_fnmatch() Flaw Lets Remote Users Execute Arbitrary Code
17269| [1025303] Apache Tomcat HTTP BIO Connector Error Discloses Information From Different Requests to Remote Users
17270| [1025215] Apache Tomcat May Ignore @ServletSecurity Annotation Protections
17271| [1025066] Apache Continuum Input Validation Flaw Permits Cross-Site Request Forgery Attacks
17272| [1025065] Apache Continuum Input Validation Hole Permits Cross-Site Scripting Attacks
17273| [1025027] Apache Tomcat maxHttpHeaderSize Parsing Error Lets Remote Users Deny Service
17274| [1025026] Apache Tomcat Manager Input Validation Hole Permits Cross-Site Scripting Attacks
17275| [1025025] Apache Tomcat Security Manager Lets Local Users Bypass File Permissions
17276| [1024764] Apache Tomcat Manager Input Validation Hole in 'sessionList.jsp' Permits Cross-Site Scripting Attacks
17277| [1024417] Apache Traffic Server Insufficient Randomization Lets Remote Users Poison the DNS Cache
17278| [1024332] Apache mod_cache and mod_dav Request Processing Flaw Lets Remote Users Deny Service
17279| [1024180] Apache Tomcat 'Transfer-Encoding' Header Processing Flaw Lets Remote Users Deny Service and Obtain Potentially Sensitive Information
17280| [1024096] Apache mod_proxy_http May Return Results for a Different Request
17281| [1023942] Apache mod_proxy_ajp Error Condition Lets Remote Users Deny Service
17282| [1023941] Apache ap_read_request() Memory Error May Let Remote Users Access Potentially Sensitive Information
17283| [1023778] Apache ActiveMQ Input Validation Flaw Permits Cross-Site Scripting Attacks
17284| [1023701] Apache mod_isapi Error Processing Flaw May Let Remote Users Deny Service
17285| [1023533] Apache mod_proxy Integer Overflow May Let Remote Users Execute Arbitrary Code
17286| [1022988] Apache Solaris Support Code Bug Lets Remote Users Deny Service
17287| [1022529] Apache mod_deflate Connection State Bug Lets Remote Users Deny Service
17288| [1022509] Apache mod_proxy stream_reqbody_cl() Infinite Loop Lets Remote Users Deny Service
17289| [1022296] Apache IncludesNoExec Options Restrictions Can Be Bypass By Local Users
17290| [1022264] Apache mod_proxy_ajp Bug May Disclose Another User's Response Data
17291| [1022001] Apache Tomcat mod_jk May Disclose Responses to the Wrong User
17292| [1021988] mod_perl Input Validation Flaw in Apache::Status and Apache2::Status Permits Cross-Site Scripting Attacks
17293| [1021350] NetWare Bug Lets Remote Users Access the ApacheAdmin Console
17294| [1020635] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
17295| [1020520] Oracle WebLogic Apache Connector Lets Remote Users Execute Arbitrary Code
17296| [1020267] Apache mod_proxy Interim Response Process Bug Lets Remote Users Deny Service
17297| [1019784] Apache-SSL Certificate Processing Bug May Let Remote Users View Portions of Kernel Memory
17298| [1019256] Apache mod_negotiation Input Validation Hole Permits Cross-Site Scripting Attacks
17299| [1019194] Apache Input Validation Hole in Mod_AutoIndex When the Character Set is Undefined May Permit Cross-Site Scripting Attacks
17300| [1019185] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
17301| [1019154] Apache Input Validation Hole in mod_status Permits Cross-Site Scripting Attacks
17302| [1019093] Apache Input Validation Hole in mod_imap Permits Cross-Site Scripting Attacks
17303| [1019030] Apache Input Validation Hole in Default HTTP 413 Error Page Permits Cross-Site Scripting Attacks
17304| [1018633] Apache mod_proxy Bug Lets Remote Users Deny Service
17305| [1018304] Apache HTTPD scoreboard Protection Flaw Lets Local Users Terminate Arbitrary Processes
17306| [1018303] Apache HTTPD mod_cache May Let Remote Users Deny Service
17307| [1018302] Apache mod_status Input Validation Hole Permits Cross-Site Scripting Attacks
17308| [1018269] Apache Tomcat Input Validation Hole in Processing Accept-Language Header Permits Cross-Site Scripting Attacks
17309| [1017904] Apache suEXEC Bugs May Let Local Users Gain Elevated Privileges
17310| [1017719] Apache Tomcat JK Web Server Connector Buffer Overflow in map_uri_to_worker() Lets Remote Users Execute Arbitrary Code
17311| [1017062] Apache mod_tcl Format String Bug in set_var() Function May Let Remote Users Execute Arbitrary Code
17312| [1016601] Apache mod_rewrite Off-by-one Error Lets Remote Users Execute Arbitrary Code
17313| [1016576] Apache Tomcat Discloses Directory Listings to Remote Users
17314| [1015447] Apache mod_ssl Null Pointer Dereference May Let Remote Users Deny Service
17315| [1015344] Apache mod_imap Input Validation Flaw in Referer Field Lets Remote Users Conduct Cross-Site Scripting Attacks
17316| [1015093] Apache Memory Leak in MPM 'worker.c' Code May Let Remote Users Deny Service
17317| [1014996] ApacheTop Unsafe Temporary File May Let Local Users Gain Elevated Privileges
17318| [1014833] Apache ssl_hook_Access() Function May Fail to Verify Client Certificates
17319| [1014826] Apache Memory Leak in 'byterange filter' Lets Remote Users Deny Service
17320| [1014575] Apache mod_ssl Off-by-one Buffer Overflow in Processing CRLs May Let Remote Users Deny Service
17321| [1014323] Apache Chunked Transfer-Encoding and Content-Length Processing Lets Remote Users Smuggle HTTP Requests
17322| [1013156] Apache mod_python Publisher Handler Discloses Information to Remote Users
17323| [1012829] Apache mod_auth_radius radcpy() Integer Overflow Lets Remote Users Deny Service in Certain Cases
17324| [1012416] Apache on Apple OS X Lets Remote Users Bypass Apache File Handlers and Directly Access Files
17325| [1012415] Apache on Apple HFS+ Filesystems May Disclose '.DS_Store' Files to Remote Users
17326| [1012414] Apache mod_digest_apple Lets Remote Users Replay Authentication Credentials
17327| [1012083] Apache Web Server Error in Processing Requests With Many Space Characters Lets Remote Users Deny Service
17328| [1011783] Apache mod_include Buffer Overflow Lets Local Users Execute Arbitrary Code
17329| [1011557] Apache mod_ssl SSLCipherSuite Directive Can By Bypassed in Certain Cases
17330| [1011385] Apache Satsify Directive Error May Let Remote Users Access Restricted Resources
17331| [1011340] Apache SSL Connection Abort State Error Lets Remote Users Deny Service
17332| [1011303] Apache ap_resolve_env() Buffer Overflow in Reading Configuration Files May Let Local Users Gain Elevated Privileges
17333| [1011299] Apache IPv6 Address Parsing Flaw May Let Remote Users Deny Service
17334| [1011248] Apache mod_dav LOCK Method Error May Let Remote Users Deny Service
17335| [1011213] Apache mod_ssl Can Be Crashed By Remote Users When Reverse Proxying SSL Connections
17336| [1010674] Apache Can Be Crashed By PHP Code Invoking Nested Remote Sockets
17337| [1010599] Apache httpd Header Line Memory Allocation Lets Remote Users Crash the Server
17338| [1010462] Apache mod_proxy Buffer Overflow May Let Remote Users Execute Arbitrary Code
17339| [1010322] Apache mod_ssl Stack Overflow in ssl_util_uuencode_binary() May Let Remote Users Execute Arbitrary Code
17340| [1010270] cPanel Apache mod_phpsuexec Options Let Local Users Gain Elevated Privileges
17341| [1009934] Apache Web Server Has Buffer Overflow in ebcdic2ascii() on Older Processor Architectures
17342| [1009516] Apache mod_survey HTML Report Format Lets Remote Users Conduct Cross-Site Scripting Attacks
17343| [1009509] Apache mod_disk_cache Stores Authentication Credentials on Disk
17344| [1009495] Apache Web Server Socket Starvation Flaw May Let Remote Users Deny Service
17345| [1009417] GroupWise WebAccess With Apache on NetWare Has Configuration Flaw That May Grant Web Access to Remote Users
17346| [1009338] Apache mod_access Parsing Flaw May Fail to Enforce Allow/Deny Rules
17347| [1009337] Apache mod_ssl Memory Leak Lets Remote Users Crash the Daemon
17348| [1009182] Apache for Cygwin '..%5C' Input Validation Flaw Discloses Files to Remote Users
17349| [1008973] PHP May Apply Incorrect php_admin_* Settings To Requests for Apache Virtual Hosts
17350| [1008967] Apache-SSL 'SSLFakeBasicAuth' Lets Remote Users Forge Client Certificates to Be Authenticated
17351| [1008920] Apache mod_digest May Validate Replayed Client Responses
17352| [1008828] Apache mod_python String Processing Bug Still Lets Remote Users Crash the Web Server
17353| [1008822] Apache mod_perl File Descriptor Leak May Let Local Users Hijack the http and https Services
17354| [1008675] mod_auth_shadow Apache Module Authenticates Expired Passwords
17355| [1008559] Apache mod_php File Descriptor Leak May Let Local Users Hijack the https Service
17356| [1008335] Apache mod_python String Processing Bug Lets Remote Users Crash the Web Server
17357| [1008196] Apache 2.x on Windows May Return Unexpected Files For URLs Ending With Certain Characters
17358| [1008030] Apache mod_rewrite Contains a Buffer Overflow
17359| [1008029] Apache mod_alias Contains a Buffer Overflow
17360| [1008028] Apache mod_cgid May Disclose CGI Output to Another Client
17361| [1007995] Apache Cocoon Forms May Let Remote Users Execute Arbitrary Java Code on the System
17362| [1007993] Apache Cocoon 'view-source' Sample Script Discloses Files to Remote Users
17363| [1007823] Apache Web Server mod_cgi Error May Let Malicious CGI Scripts Crash the Web Service
17364| [1007664] Apache::Gallery Unsafe Temporary Files May Let Local Users Gain Apache Web Server Privileges
17365| [1007557] Apache Web Server Does Not Filter Terminal Escape Sequences From Log Files
17366| [1007230] Apache HTTP Server 'rotatelogs' Bug on Win32 and OS/2 May Cause the Logging to Stop
17367| [1007146] Apache HTTP Server FTP Proxy Bug May Cause Denial of Service Conditions
17368| [1007145] Apache 'accept()' Errors May Cause Denial of Service Conditions
17369| [1007144] Apache Web Server 'type-map' File Error Permits Local Denial of Service Attacks
17370| [1007143] Apache 2.0 Web Server May Use a Weaker Encryption Implementation Than Specified in Some Cases
17371| [1006864] Apache Web Server Can Be Crashed By Remote Users Via mod_dav Flaws and Also Via Basic Authentication
17372| [1006709] Apache mod_survey Input Validation Flaw Lets Remote Users Fill Up Disk Space
17373| [1006614] Apache mod_ntlm Buffer Overflow and Format String Flaw Let Remote Users Execute Arbitary Code
17374| [1006591] Apache mod_access_referer Module Null Pointer Dereference May Faciliate Denial of Service Attacks
17375| [1006444] Apache 2.0 Web Server Line Feed Buffer Allocation Flaw Lets Remote Users Deny Service
17376| [1006021] Apache Tomcat Server URL Parsing Error May Disclose Otherwise Inaccessible Web Directory Listings and Files to Remote Users
17377| [1005963] Apache Web Server 2.x Windows Device Access Flaw Lets Remote Users Crash the Server or Possibly Execute Arbitrary Code
17378| [1005962] Apache Web Server Path Parsing Flaw May Allow Remote Users to Execute Code in Certain Configurations
17379| [1005848] Apache 'printenv' Script Input Validation Bugs in Older Versions May Let Remote Users Conduct Cross-Site Scripting Attacks
17380| [1005765] Apache mod_jk Module Processing Bug When Used With Tomcat May Disclose Information to Remote Users or Crash
17381| [1005548] Apache mod_php Module May Allow Local Users to Gain Control of the Web Port
17382| [1005499] Apache Web Server (2.0.42) May Disclose CGI Source Code to Remote Users When Used With WebDAV
17383| [1005410] Apache Tomcat Java Servlet Engine Can Be Crashed Via Multiple Requests for DOS Device Names
17384| [1005351] Apache Web Server (1.3.x) Shared Memory Scoreboard Bug Lets Certain Local Users Issue Signals With Root Privileges
17385| [1005331] Apache Web Server (2.x) SSI Server Signature Filtering Hole Lets Remote Users Conduct Cross-Site Scripting Attacks
17386| [1005290] Apache Tomcat Java Server Default Servlet Returns JSP Source Code to Remote Users
17387| [1005285] Apache Web Server 'mod_dav' Has Null Pointer Bug That May Allow Remote Users to Cause Denial of Service Conditions
17388| [1005010] Apache Web Server (2.0) Has Unspecified Flaw That Allows Remote Users to Obtain Sensitive Data and Cause Denial of Service Conditions
17389| [1004770] Apache 2.x Web Server ap_log_rerror() Function May Disclose Full Installation Path to Remote Users
17390| [1004745] Apache Tomcat Java Server Allows Cross-Site Scripting Attacks
17391| [1004636] Apache mod_ssl 'Off-by-One' Bug May Let Local Users Crash the Web Server or Possibly Execute Arbitrary Code
17392| [1004602] Apache Tomcat Java Server for Windows Can Be Crashed By Remote Users Sending Malicious Requests to Hang All Available Working Threads
17393| [1004586] Apache Tomcat Java Server May Disclose the Installation Path to Remote Users
17394| [1004555] Apache Web Server Chunked Encoding Flaw May Let Remote Users Execute Arbitrary Code on the Server
17395| [1004209] Apache 'mod_python' Python Language Interpreter Bug in Publisher Handler May Allow Remote Users to Modify Files on the System
17396| [1003874] Apache Web Server for Windows Has Batch File Processing Hole That Lets Remote Users Execute Commands on the System
17397| [1003767] 'mod_frontpage' Module for Apache Web Server Has Buffer Overlow in 'fpexec.c' That Allows Remote Users to Execute Arbitrary Code on the System with Root Privileges
17398| [1003723] Apache-SSL for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
17399| [1003664] 'mod_ssl' Security Package for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
17400| [1003602] GNUJSP Java Server Pages Implementation Discloses Web Files and Source Code to Remote Users and Bypasses Apache Access Control Restrictions
17401| [1003465] PHP for Apache Web Server May Disclose Installation Path Information to Remote Users Making 'OPTIONS' Requests
17402| [1003451] Oracle Application Server PL/SQL Module for Apache Has Buffer Overflows That Allow Remote Users to Execute Arbitrary Code and Gain Access to the Server
17403| [1003131] Apache Web Server in Virtual Hosting Mode Can Be Crashed By a Local User Removing a Log Directory
17404| [1003104] PHP.EXE Windows CGI for Apache Web Server May Let Remote Users View Files on the Server Due to Configuration Error
17405| [1003008] Apache 'mod_bf' Module Lets Remote Users Execute Arbitrary Code
17406| [1002629] Apache suEXEC Wrapper Fails to Observe Minimum Group ID Security Settings in Certain Situations
17407| [1002542] Apache Web Server Virtual Hosting Split-Logfile Function Lets Remote Users Write Log Entries to Arbitrary Files on the System
17408| [1002400] Apache mod_gzip Module Has Buffer Overflow That Can Be Exploited By Local Users to Gain Elevated Privileges
17409| [1002303] Several 3rd Party Apache Authentication Modules Allow Remote Users to Execute Arbitrary Code to Gain Access to the System or Execute Stored Procedures to Obtain Arbitrary Database Information
17410| [1002188] Apache Web Server Discloses Internal IP Addresses to Remote Users in Certain Configurations
17411| [1001989] Apache Web Server May Disclose Directory Contents Even If an Index.html File is Present in the Directory
17412| [1001719] Apache Web Server on Mac OS X Client Fails to Enforce File and Directory Access Protections, Giving Remote Users Access to Restricted Pages
17413| [1001572] Apache Web Server on Microsoft Windows Platforms Allows Remote Users to Crash the Web Server
17414| [1001304] Apache Web Server for Windows Lets Remote Users Crash the Web Server Application
17415| [1001083] Apache Web Server May Display Directory Index Listings Even if Directory Listings Are Disabled
17416|
17417| OSVDB - http://www.osvdb.org:
17418| [96078] Apache CloudStack Infrastructure Menu Setup Network Multiple Field XSS
17419| [96077] Apache CloudStack Global Settings Multiple Field XSS
17420| [96076] Apache CloudStack Instances Menu Display Name Field XSS
17421| [96075] Apache CloudStack Instances Menu Add Instances Network Name Field XSS
17422| [96074] Apache CloudStack Instances Menu Add Instances Review Step Multiple Field XSS
17423| [96031] Apache HTTP Server suEXEC Symlink Arbitrary File Access
17424| [95888] Apache Archiva Single / Double Quote Character Handling XSS Weakness
17425| [95885] Apache Subversion mod_dav_svn Module Crafted HTTP Request Handling Remote DoS
17426| [95706] Apache OpenOffice.org (OOo) OOXML Document File XML Element Handling Memory Corruption
17427| [95704] Apache OpenOffice.org (OOo) DOC File PLCF Data Handling Memory Corruption
17428| [95603] Apache Continuum web/util/GenerateRecipentNotifier.java recipient Parameter XSS
17429| [95602] Apache Continuum web/action/notifier/JabberProjectNotifierEditAction-jabberProjectNotifierSave-validation.xml Multiple Parameter XSS
17430| [95601] Apache Continuum web/action/notifier/JabberGroupNotifierEditAction-jabberProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
17431| [95600] Apache Continuum web/action/ScheduleAction-saveSchedule-validation.xml Multiple Parameter XSS
17432| [95599] Apache Continuumweb/action/BuildDefinitionAction-saveBuildDefinition-validation.xml Multiple Parameter XSS
17433| [95598] Apache Continuum web/action/AddProjectAction-addProject-validation.xml Multiple Parameter XSS
17434| [95597] Apache Continuum web/action/ProjectEditAction-projectSave-validation.xml Multiple Parameter XSS
17435| [95596] Apache Continuum web/action/notifier/IrcGroupNotifierEditAction-ircProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
17436| [95595] Apache Continuum web/action/notifier/IrcProjectNotifierEditAction-ircProjectNotifierSave-validation.xml Multiple Parameter XSS
17437| [95594] Apache Continuum web/action/ProjectGroupAction.java Multiple Parameter XSS
17438| [95593] Apache Continuum web/action/AddProjectGroupAction.java Multiple Parameter XSS
17439| [95592] Apache Continuum web/action/AddProjectAction.java Multiple Parameter XSS
17440| [95523] Apache OFBiz Webtools Application View Log Screen Unspecified XSS
17441| [95522] Apache OFBiz Nested Expression Evaluation Arbitrary UEL Function Execution
17442| [95521] Apache HTTP Server mod_session_dbd Session Saving Unspecified Issue
17443| [95498] Apache HTTP Server mod_dav.c Crafted MERGE Request Remote DoS
17444| [95406] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Arbitrary Site Redirect
17445| [95405] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Remote Code Execution
17446| [95011] Apache CXF XML Parser SOAP Message Handling CPU Resource Exhaustion Remote DoS
17447| [94705] Apache Geronimo RMI Classloader Exposure Serialized Object Handling Remote Code Execution
17448| [94651] Apache Santuario (XML Security for C++) XML Signature CanonicalizationMethod Parameter Spoofing Weakness
17449| [94636] Apache Continuum workingCopy.action userDirectory Traversal Arbitrary File Access
17450| [94635] Apache Maven SCM SvnCommandlineUtils Process Listing Local Password Disclosure
17451| [94632] Apache Maven Wagon SSH (wagon-ssh) Host Verification Failure MitM Weakness
17452| [94625] Apache Santuario (XML Security for C++) XML Signature Reference Crafted XPointer Expression Handling Heap Buffer Overflow
17453| [94618] Apache Archiva /archiva/security/useredit.action username Parameter XSS
17454| [94617] Apache Archiva /archiva/security/roleedit.action name Parameter XSS
17455| [94616] Apache Archiva /archiva/security/userlist!show.action roleName Parameter XSS
17456| [94615] Apache Archiva /archiva/deleteArtifact!doDelete.action groupId Parameter XSS
17457| [94614] Apache Archiva /archiva/admin/addLegacyArtifactPath!commit.action legacyArtifactPath.path Parameter XSS
17458| [94613] Apache Archiva /archiva/admin/addRepository.action Multiple Parameter XSS
17459| [94612] Apache Archiva /archiva/admin/editAppearance.action Multiple Parameter XSS
17460| [94611] Apache Archiva /archiva/admin/addLegacyArtifactPath.action Multiple Parameter XSS
17461| [94610] Apache Archiva /archiva/admin/addNetworkProxy.action Multiple Parameter XSS
17462| [94403] Apache Santuario (XML Security for C++) InclusiveNamespace PrefixList Processing Heap Overflow
17463| [94402] Apache Santuario (XML Security for C++) HMAC-based XML Signature Processing DoS
17464| [94401] Apache Santuario (XML Security for C++) XPointer Evaluation Stack Overflow
17465| [94400] Apache Santuario (XML Security for C++) HMAC-Based XML Signature Reference Element Validation Spoofing Weakness
17466| [94279] Apache Qpid CA Certificate Validation Bypass
17467| [94275] Apache Solr JettySolrRunner.java Can Not Find Error Message XSS
17468| [94233] Apache OpenJPA Object Deserialization Arbitrary Executable Creation
17469| [94042] Apache Axis JAX-WS Java Unspecified Exposure
17470| [93969] Apache Struts OGNL Expression Handling Double Evaluation Error Remote Command Execution
17471| [93796] Apache Subversion Filename Handling FSFS Repository Corruption Remote DoS
17472| [93795] Apache Subversion svnserve Server Aborted Connection Message Handling Remote DoS
17473| [93794] Apache Subversion contrib/hook-scripts/check-mime-type.pl svnlook Hyphenated argv Argument Handling Remote DoS
17474| [93793] Apache Subversion contrib/hook-scripts/svn-keyword-check.pl Filename Handling Remote Command Execution
17475| [93646] Apache Struts Crafted Parameter Arbitrary OGNL Code Execution
17476| [93645] Apache Struts URL / Anchor Tag includeParams Attribute Remote Command Execution
17477| [93636] Apache Pig Multiple Physical Operator Memory Exhaustion Remote Remote DoS
17478| [93635] Apache Wink DTD (Document Type Definition) Expansion Data Parsing Information Disclosure
17479| [93605] RT Apache::Session::File Session Replay Reuse Information Disclosure
17480| [93599] Apache Derby SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY Boot Password Manipulation Re-encryption Failure Password Corruption
17481| [93555] Apache Commons Codec Invalid Base32 String Information Tunneling Weakness
17482| [93554] Apache HBase bulkLoadHFiles() Method ACL Bypass
17483| [93543] JBoss Enterprise Application Platform org.apache.catalina.connector.Response.encodeURL() Method MitM jsessionid Disclosure
17484| [93542] Apache ManifoldCF (Connectors Framework) org.apache.manifoldcf.crawler.ExportConfiguration Class Configuration Export Password Disclosure
17485| [93541] Apache Solr json.wrf Callback XSS
17486| [93524] Apache Hadoop GetSecurityDescriptorControl() Function Absolute Security Descriptor Handling NULL Descriptor Weakness
17487| [93521] Apache jUDDI Security API Token Session Persistence Weakness
17488| [93520] Apache CloudStack Default SSL Key Weakness
17489| [93519] Apache Shindig /ifr Cross-site Arbitrary Gadget Invocation
17490| [93518] Apache Solr /admin/analysis.jsp name Parameter XSS
17491| [93517] Apache CloudStack setup-cloud-management /etc/sudoers Modification Local Privilege Escalation
17492| [93516] Apache CXF UsernameTokenInterceptor Nonce Caching Replay Weakness
17493| [93515] Apache HBase table.jsp name Parameter XSS
17494| [93514] Apache CloudStack Management Server Unauthenticated Remote JMX Connection Default Setting Weakness
17495| [93463] Apache Struts EL / OGNL Interpretation Unspecified Remote Code Execution
17496| [93462] Apache CXF WS-SecurityPolicy AlgorithmSuite Arbitrary Ciphertext Decryption Weakness
17497| [93401] Apache Hadoop core-site.xml Permission Weakness Local Alfredo Secret Disclosure
17498| [93400] Apache Hadoop Map/Reduce Job Log Directory Symlink Arbitrary File Mode Manipulation
17499| [93397] Apache Wicket Referrer HTTP Header Session ID Disclosure
17500| [93366] Apache HTTP Server modules/mappers/mod_rewrite.c do_rewritelog() Function Log File Terminal Escape Sequence Filtering Remote Command Execution
17501| [93254] Apache Tomcat AsyncListener Method Cross-session Information Disclosure
17502| [93253] Apache Tomcat Chunked Transfer Encoding Data Saturation Remote DoS
17503| [93252] Apache Tomcat FORM Authenticator Session Fixation
17504| [93172] Apache Camel camel/endpoints/ Endpoint XSS
17505| [93171] Apache Sling HtmlResponse Error Message XSS
17506| [93170] Apache Directory DelegatingAuthenticator MitM Spoofing Weakness
17507| [93169] Apache Wave AuthenticationServlet.java Session Fixation Weakness
17508| [93168] Apache Click ErrorReport.java id Parameter XSS
17509| [93167] Apache ActiveMQ JMSXUserId Spoofing Weakness
17510| [93166] Apache CXF Crafted Message Element Count Handling System Resource Exhaustion Remote DoS
17511| [93165] Apache CXF Crafted Message Element Level Handling System Resource Exhaustion Remote DoS
17512| [93164] Apache Harmony DatagramSocket Class connect Method CheckAccept() IP Blacklist Bypass
17513| [93163] Apache Hadoop Map/Reduce Daemon Symlink Arbitrary File Overwrite
17514| [93162] Apache VelocityStruts struts/ErrorsTool.getMsgs Error Message XSS
17515| [93161] Apache CouchDB Rewriter VM Atom Table Memory Exhaustion Remote DoS
17516| [93158] Apache Wicket BookmarkablePageLink Feature XSS CSRF
17517| [93157] Apache Struts UrlHelper.java s:url includeParams Functionality XSS
17518| [93156] Apache Tapestry Calendar Component datefield.js datefield Parameter XSS
17519| [93155] Apache Struts fielderror.ftl fielderror Parameter Error Message XSS
17520| [93154] Apache JSPWiki Edit.jsp createPages WikiPermission Bypass
17521| [93153] Apache PDFBox PDFXrefStreamParser Missing Element Handling PDF Parsing DoS
17522| [93152] Apache Hadoop HttpServer.java Multiple Function XSS
17523| [93151] Apache Shiro Search Filter userName Parameter LDAP Code Injection Weakness
17524| [93150] Apache Harmony java.net.SocketPermission Class boolean equals Function checkConnect() Weakness Host Name Retrieval
17525| [93149] Apache Harmony java.security.Provider Class void load Function checkSecurityAccess() Weakness
17526| [93148] Apache Harmony java.security.ProtectionDomain Class java.lang.String.toString() Function checkPermission() Weakness
17527| [93147] Apache Harmony java.net.URLConnection openConnection Function checkConnect Weakness Proxy Connection Permission Bypass
17528| [93146] Apache Harmony java.net.ServerSocket Class void implAccept Function checkAccept() Weakness SerSocket Subclass Creation
17529| [93145] Apache Qpid JMS Client Detached Session Frame Handling NULL Pointer Dereference Remote DoS
17530| [93144] Apache Solr Admin Command Execution CSRF
17531| [93009] Apache VCL XMLRPC API Unspecified Function Remote Privilege Escalation
17532| [93008] Apache VCL Web GUI Unspecified Remote Privilege Escalation
17533| [92997] Apache Commons Codec org.apache.commons.codec.net.URLCodec Fields Missing 'final' Thread-safety Unspecified Issue
17534| [92976] Apache ActiveMQ scheduled.jsp crontab Command XSS
17535| [92947] Apache Commons Codec org.apache.commons.codec.language.Soundex.US_ENGLISH_MAPPING Missing MS_PKGPROTECT Field Manipulation Unspecified Issue
17536| [92749] Apache CloudStack Predictable Hash Virtual Machine Console Console Access URL Generation
17537| [92748] Apache CloudStack VM Console Access Restriction Bypass
17538| [92709] Apache ActiveMQ Web Console Unauthenticated Remote Access
17539| [92708] Apache ActiveMQ Sample Web Application Broker Resource Consumption Remote DoS
17540| [92707] Apache ActiveMQ webapp/websocket/chat.js Subscribe Message XSS
17541| [92706] Apache ActiveMQ Debug Log Rendering XSS
17542| [92705] Apache ActiveMQ PortfolioPublishServlet.java refresh Parameter XSS
17543| [92270] Apache Tomcat Unspecified CSRF
17544| [92094] Apache Subversion mod_dav_svn Module Nonexistent URL Lock Request Handling NULL Pointer Dereference Remote DoS
17545| [92093] Apache Subversion mod_dav_svn Module Activity URL PROPFIND Request Handling NULL Pointer Dereference Remote DoS
17546| [92092] Apache Subversion mod_dav_svn Module Log REPORT Request Handling NULL Pointer Dereference Remote DoS
| [92091] Apache Subversion mod_dav_svn Module Node Property Handling Resource Exhaustion Remote DoS
| [92090] Apache Subversion mod_dav_svn Module Activity URL Lock Request Handling NULL Pointer Dereference Remote DoS
| [91774] Apache Commons Codec Unspecified Non-private Field Manipulation Weakness
| [91628] mod_ruid2 for Apache HTTP Server fchdir() Inherited File Descriptor chroot Restriction Bypass
| [91328] Apache Wicket $up$ Traversal Arbitrary File Access
| [91295] Apple Mac OS X Apache Unicode Character URI Handling Authentication Bypass
| [91235] Apache Rave /app/api/rpc/users/get User Object Hashed Password Remote Disclosure
| [91185] Munin Default Apache Configuration Permission Weakness Remote Information Disclosure
| [91173] Apache Wicket WebApplicationPath Constructor Bypass /WEB-INF/ Directory File Access
| [91172] Apache Wicket PackageResourceGuard File Extension Filter Bypass
| [91025] Apache Qpid qpid::framing::Buffer Class Multiple Method Out-of-bounds Access Remote DoS
| [91024] Apache Qpid federation_tag Attribute Handling Federated Interbroker Link Access Restriction Bypass
| [91023] Apache Qpid AMQP Type Decoder Exposure Array Size Value Handling Memory Consumption Remote DoS
| [91022] Apache Qpid qpid/cpp/include/qpid/framing/Buffer.h qpid::framing::Buffer::checkAvailable() Function Integer Overflow
| [90986] Apache Jena ARQ INSERT DATA Request Handling Overflow
| [90907] Apache Subversion mod_dav_svn / libsvn_fs svn_fs_file_length() Function MKACTIVITY / PROPFIND Option Request Handling Remote DoS
| [90906] Apache Commons FileUpload /tmp Storage Symlink Arbitrary File Overwrite
| [90864] Apache Batik 1xx Redirect Script Origin Restriction Bypass
| [90858] Apache Ant Malformed TAR File Handling Infinite Loop DoS
| [90852] Apache HTTP Server for Debian apachectl /var/lock Permission Weakness Symlink Directory Permission Manipulation
| [90804] Apache Commons CLI Path Subversion Local Privilege Escalation
| [90802] Apache Avro Recursive Schema Handling Infinite Recursion DoS
| [90592] Apache Batik ApplicationSecurityEnforcer.java Multiple Method Security Restriction Bypass
| [90591] Apache Batik XML External Entity (XXE) Data Parsing Arbitrary File Disclosure
| [90565] Apache Tomcat Log Directory Permission Weakness Local Information Disclosure
| [90564] Apache Maven / Maven Wagon SSL Certificate Validation MitM Spoofing Weakness
| [90557] Apache HTTP Server mod_proxy_balancer balancer-manager Interface Multiple Parameter XSS
| [90556] Apache HTTP Server Multiple Module Multiple Parameter XSS
| [90276] Apache Axis2 axis2.xml Plaintext Password Local Disclosure
| [90249] Apache Axiom ClassLoader XMLInputFactory / XMLOutputFactory Construction Unspecified Issue
| [90235] Apache Commons HttpClient Certificate Wildcard Matching Weakness
| [90079] Apache CXF WSS4JInInterceptor URIMappingInterceptor WS-Security SOAP Service Access Restriction Bypass
| [90078] Apache CXF WS-SecurityPolicy Enabled Plaintext UsernameTokens Handling Authentication Bypass
| [89453] Apache Open For Business Project (OFBiz) Screenlet.title Widget Attribute XSS
| [89452] Apache Open For Business Project (OFBiz) Image.alt Widget Attribute XSS
| [89294] Apache CouchDB Futon UI Browser-based Test Suite Query Parameter XSS
| [89293] Apache CouchDB Unspecified Traversal Arbitrary File Access
| [89275] Apache HTTP Server mod_proxy_ajp Module Expensive Request Parsing Remote DoS
| [89267] Apache CouchDB JSONP Callback Handling Unspecified XSS
| [89146] Apache CloudStack Master Server log4j.conf SSH Private Key / Plaintext Password Disclosure
| [88603] Apache OpenOffice.org (OOo) Unspecified Information Disclosure
| [88602] Apache OpenOffice.org (OOo) Unspecified Manifest-processing Issue
| [88601] Apache OpenOffice.org (OOo) Unspecified PowerPoint File Handling Issue
| [88285] Apache Tomcat Partial HTTP Request Saturation Remote DoS
| [88095] Apache Tomcat NIO Connector Terminated Connection Infinte Loop DoS
| [88094] Apache Tomcat FORM Authentication Crafted j_security_check Request Security Constraint Bypass
| [88093] Apache Tomcat Null Session Requst CSRF Prevention Filter Bypass
| [88043] IBM Tivoli Netcool/Reporter Apache CGI Unspecified Remote Command Execution
| [87580] Apache Tomcat DIGEST Authentication Session State Caching Authentication Bypass Weakness
| [87579] Apache Tomcat DIGEST Authentication Stale Nonce Verification Authentication Bypass Weakness
| [87477] Apache Tomcat Project Woodstock Service Error Page UTF-7 XSS Weakness
| [87227] Apache Tomcat InternalNioInputBuffer.java parseHeaders() Function Request Header Size Parsing Remote DoS
| [87223] Apache Tomcat DIGEST Authentication replay-countermeasure Functionality cnonce / cn Verification Authentication Bypass Weakness
| [87160] Apache Commons HttpClient X.509 Certificate Domain Name Matching MiTM Weakness
| [87159] Apache CXF X.509 Certificate Domain Name Matching MiTM Weakness
| [87150] Apache Axis / Axis2 X.509 Certificate Domain Name Matching MiTM Weakness
| [86902] Apache HTTP Server 3xx Redirect Internal IP Address Remote Disclosure
| [86901] Apache Tomcat Error Message Path Disclosure
| [86684] Apache CloudStack Unauthorized Arbitrary API Call Invocation
| [86556] Apache Open For Business Project (OFBiz) Unspecified Issue
| [86503] Visual Tools VS home/apache/DiskManager/cron/init_diskmgr Local Command Execution
| [86401] Apache ActiveMQ ResourceHandler Traversal Arbitrary File Access
| [86225] Apache Axis2 XML Signature Wrapping (XSW) Authentication Bypass
| [86206] Apache Axis2 Crafted SAML Assertion Signature Exclusion Attack Authentication Bypass
| [85722] Apache CXF SOAP Request Parsing Access Restriction Bypass
| [85704] Apache Qpid Incoming Client Connection Saturation Remote DoS
| [85474] Eucalyptus Apache Santuario (XML Security for Java) Library XML Signature Transform Handling DoS
| [85430] Apache mod_pagespeed Module Unspecified XSS
| [85429] Apache mod_pagespeed Module Hostname Verification Cross-host Resource Disclosure
| [85249] Apache Wicket Unspecified XSS
| [85236] Apache Hadoop conf/hadoop-env.sh Temporary File Symlink Arbitrary File Manipulation
| [85090] Apache HTTP Server mod_proxy_ajp.c mod_proxy_ajp Module Proxy Functionality Cross-client Information Disclosure
| [85089] Apache HTTP Server mod_proxy_http.c mod_proxy_http Module Cross-client Information Disclosure
| [85062] Apache Solr Autocomplete Module for Drupal Autocomplete Results XSS
| [85010] Apache Struts Token Handling Mechanism Token Name Configuration Parameter CSRF Weakness
| [85009] Apache Struts Request Parameter OGNL Expression Parsing Remote DoS
| [84911] libapache2-mod-rpaf X-Forward-For HTTP Header Parsing Remote DoS
| [84823] Apache HTTP Server Multiple Module Back End Server Error Handling HTTP Request Parsing Remote Information Disclosure
| [84818] Apache HTTP Server mod_negotiation Module mod_negotiation.c make_variant_list Function XSS
| [84562] Apache Qpid Broker Authentication Mechanism AMQP Client Shadow Connection NullAuthenticator Request Parsing Authentication Bypass
| [84458] Apache Libcloud SSL Certificate Validation MitM Spoofing Weakness
| [84279] PHP on Apache php_default_post_reader POST Request Handling Overflow DoS
| [84278] PHP w/ Apache PDO::ATTR_DEFAULT_FETCH_MODE / PDO::FETCH_CLASS DoS
| [84231] Apache Hadoop DataNodes Client BlockTokens Arbitrary Block Access
| [83943] Oracle Solaris Cluster Apache Tomcat Agent Subcomponent Unspecified Local Privilege Escalation
| [83939] Oracle Solaris Apache HTTP Server Subcomponent Unspecified Remote Information Disclosure
| [83685] svnauthcheck Apache HTTP Configuration File Permission Revocation Weakness
| [83682] Apache Sling POST Servlet @CopyFrom Operation HTTP Request Parsing Infinite Loop Remote DoS
| [83339] Apache Roller Blogger Roll Unspecified XSS
| [83270] Apache Roller Unspecified Admin Action CSRF
| [82782] Apache CXF WS-SecurityPolicy 1.1 SupportingToken Policy Bypass
| [82781] Apache CXF WS-SecurityPolicy Supporting Token Children Specification Token Signing Verification Weakness
| [82611] cPanel Apache Piped Log Configuration Log Message Formatting Traversal Arbitrary File Creation
| [82436] MapServer for Windows Bundled Apache / PHP Configuration Local File Inclusion
| [82215] PHP sapi/cgi/cgi_main.c apache_request_headers Function HTTP Header Handling Remote Overflow
| [82161] Apache Commons Compress bzip2 File Compression BZip2CompressorOutputStream Class File Handling Remote DoS
| [81965] Apache Batik Squiggle SVG Browser JAR File Arbitrary Code Execution
| [81790] Apache POI src/org/apache/poi/hwpf/model/UnhandledDataStructure.java UnhandledDataStructure() constructor Length Attribute CDF / CFBF File Handling Remote DoS
| [81660] Apache Qpid Credential Checking Cluster Authentication Bypass
| [81511] Apache for Debian /usr/share/doc HTTP Request Parsing Local Script Execution
| [81359] Apache HTTP Server LD_LIBRARY_PATH Variable Local Privilege Escalation
| [81349] Apache Open For Business Project (OFBiz) Webslinger Component Unspecified XSS
| [81348] Apache Open For Business Project (OFBiz) Content IDs / Map-Keys Unspecified XSS
| [81347] Apache Open For Business Project (OFBiz) Parameter Arrays Unspecified XSS
| [81346] Apache Open For Business Project (OFBiz) checkoutProcess.js getServerError() Function Unspecified XSS
| [81196] Apache Open For Business Project (OFBiz) FlexibleStringExpander Nested Script String Parsing Remote Code Execution
| [80981] Apache Hadoop Kerberos/MapReduce Security Feature User Impersonation Weakness
| [80571] Apache Traffic Server Host HTTP Header Parsing Remote Overflow
| [80547] Apache Struts XSLTResult.java File Upload Arbitrary Command Execution
| [80360] AskApache Password Protector Plugin for WordPress Error Page $_SERVER Superglobal XSS
| [80349] Apache HTTP Server mod_fcgid Module fcgid_spawn_ctl.c FcgidMaxProcessesPerClass Virtual Host Directive HTTP Request Parsing Remote DoS
| [80301] Apache Wicket /resources/ Absolute Path Arbitrary File Access
| [80300] Apache Wicket wicket:pageMapName Parameter XSS
| [79478] Apache Solr Extension for TYPO3 Unspecified XSS
| [79002] Apache MyFaces javax.faces.resource In Parameter Traversal Arbitrary File Access
| [78994] Apache Struts struts-examples/upload/upload-submit.do name Parameter XSS
| [78993] Apache Struts struts-cookbook/processDyna.do message Parameter XSS
| [78992] Apache Struts struts-cookbook/processSimple.do message Parameter XSS
| [78991] Apache Struts struts2-rest-showcase/orders clientName Parameter XSS
| [78990] Apache Struts struts2-showcase/person/editPerson.action Multiple Parameter XSS
| [78932] Apache APR Hash Collision Form Parameter Parsing Remote DoS
| [78903] Apache CXF SOAP Request Parsing WS-Security UsernameToken Policy Bypass
| [78600] Apache Tomcat HTTP DIGEST Authentication DigestAuthenticator.java Catalina Weakness Security Bypass
| [78599] Apache Tomcat HTTP DIGEST Authentication Realm Value Parsing Security Bypass
| [78598] Apache Tomcat HTTP DIGEST Authentication qop Value Parsing Security Bypass
| [78573] Apache Tomcat Parameter Saturation CPU Consumption Remote DoS
| [78556] Apache HTTP Server Status Code 400 Default Error Response httpOnly Cookie Disclosure
| [78555] Apache HTTP Server Threaded MPM %{cookiename}C Log Format String Cookie Handling Remote DoS
| [78501] Apache Struts ParameterInterceptor Class OGNL Expression Parsing Remote Command Execution
| [78331] Apache Tomcat Request Object Recycling Information Disclosure
| [78293] Apache HTTP Server Scoreboard Invalid Free Operation Local Security Bypass
| [78277] Apache Struts ExceptionDelegator Component Parameter Parsing Remote Code Execution
| [78276] Apache Struts DebuggingInterceptor Component Developer Mode Unspecified Remote Command Execution
| [78113] Apache Tomcat Hash Collision Form Parameter Parsing Remote DoS
| [78112] Apache Geronimo Hash Collision Form Parameter Parsing Remote DoS
| [78109] Apache Struts ParameterInterceptor Traversal Arbitrary File Overwrite
| [78108] Apache Struts CookieInterceptor Cookie Name Handling Remote Command Execution
| [77593] Apache Struts Conversion Error OGNL Expression Injection
| [77496] Apache ActiveMQ Failover Mechanism Openwire Request Parsing Remote DoS
| [77444] Apache HTTP Server mod_proxy Mdule Web Request HTTP/0.9 Protocol URL Parsing Proxy Remote Security Bypass
| [77374] Apache MyFaces Java Bean includeViewParameters Parsing EL Expression Security Weakness
| [77310] Apache HTTP Server mod_proxy Reverse Proxy Mode Security Bypass Weakness (2011-4317)
| [77234] Apache HTTP Server on cygwin Encoded Traversal Arbitrary File Access
| [77012] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Memory Consumption DoS
| [76944] Apache Tomcat Manager Application Servlets Access Restriction Bypass
| [76744] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Overflow
| [76189] Apache Tomcat HTTP DIGEST Authentication Weakness
| [76079] Apache HTTP Server mod_proxy Mdule Web Request URL Parsing Proxy Remote Security Bypass (2011-3368)
| [76072] Apache JServ jserv.conf jserv-status Handler jserv/ URI Request Parsing Local Information Disclosure
| [75807] Apache HTTP Server Incomplete Header Connection Saturation Remote DoS
| [75647] Apache HTTP Server mod_proxy_ajp Module mod_proxy_balancer HTTP Request Remote DoS
| [75376] Apache Libcloud SSL Certificate Validation MitM Server Spoofing Weakness
| [74853] Domain Technologie Control /etc/apache2/apache2.conf File Permissions Weakness dtcdaemons User Password Disclosure
| [74818] Apache Tomcat AJP Message Injection Authentication Bypass
| [74725] Apache Wicket Multi Window Support Unspecified XSS
| [74721] Apache HTTP Server ByteRange Filter Memory Exhaustion Remote DoS
| [74541] Apache Commons Daemon Jsvc Permissions Weakness Arbitrary File Access
| [74535] Apache Tomcat XML Parser Cross-application Multiple File Manipulation
| [74447] Apache Struts XWork Nonexistent Method s:submit Element Internal Java Class Remote Path Disclosure
| [74262] Apache HTTP Server Multi-Processing Module itk.c Configuration Merger mpm-itk root UID / GID Remote Privilege Escalation
| [74120] Apache HTTP Server mod_authnz_external mysql/mysql-auth.pl user Field SQL Injection
| [73920] Oracle Secure Backup /apache/htdocts/php/common.php username Parameter Remote Code Execution
| [73798] Apache Tomcat sendfile Request Start / Endpoint Parsing Local DoS
| [73797] Apache Tomcat sendfile Request Attribute Validation Weakness Local Access Restriction Bypass
| [73776] Apache Tomcat HTTP BIO Connector HTTP Pipelining Cross-user Remote Response Access
| [73644] Apache XML Security Signature Key Parsing Overflow DoS
| [73600] Apache Struts javatemplates Plugin Component Handlers .action URI Multiple Parameter XSS
| [73462] Apache Rampart/C util/rampart_timestamp_token.c rampart_timestamp_token_validate Function Expired Token Remote Access Restriction Bypass
| [73429] Apache Tomcat JMX MemoryUserDatabase Local Password Disclosure
| [73384] Apache HTTP Server mod_rewrite PCRE Resource Exhaustion DoS
| [73383] Apache HTTP Server Portable Runtime (APR) Library apr_fnmatch() Infinite Loop Remote DoS
| [73378] IBM WebSphere Application Server (WAS) JavaServer Pages org.apache.jasper.runtime.JspWriterImpl.response JSP Page Application Restart Remote DoS
| [73247] Apache Subversion mod_dav_svn File Permission Weakness Information Disclosure
| [73246] Apache Subversion mod_dav_svn Path-based Access Control Rule Handling Remote DoS
| [73245] Apache Subversion mod_dav_svn Baselined Resource Request Handling Remote DoS
| [73154] Apache Archiva Multiple Unspecified CSRF
| [73153] Apache Archiva /archiva/admin/deleteNetworkProxy!confirm.action proxyid Parameter XSS
| [72407] Apache Tomcat @ServletSecurity Initial Load Annotation Security Constraint Bypass Information Disclosure
| [72238] Apache Struts Action / Method Names <
| [71647] Apache HttpComponents HttpClient Proxy-Authorization Credentials Remote Disclosure
| [71558] Apache Tomcat SecurityManager ServletContext Attribute Traversal Arbitrary File Manipulation
| [71557] Apache Tomcat HTML Manager Multiple XSS
| [71075] Apache Archiva User Management Page XSS
| [71027] Apache Tomcat @ServletSecurity Annotation Security Constraint Bypass Information Disclosure
| [70925] Apache Continuum Project Pages Unspecified XSS (2011-0533)
| [70924] Apache Continuum Multiple Admin Function CSRF
| [70809] Apache Tomcat NIO HTTP Connector Request Line Processing DoS
| [70734] Apache CouchDB Request / Cookie Handling Unspecified XSS
| [70585] Oracle Fusion Middleware Oracle HTTP Server Apache Plugin Unspecified Remote Issue
| [70333] Apache Subversion rev_hunt.c blame Command Multiple Memory Leak Remote DoS
| [70332] Apache Subversion Apache HTTP Server mod_dav_svn repos.c walk FunctionSVNParentPath Collection Remote DoS
| [69659] Apache Archiva Admin Authentication Weakness Privilege Escalation
| [69520] Apache Archiva Administrator Credential Manipulation CSRF
| [69512] Apache Tomcat Set-Cookie Header HTTPOnly Flag Session Hijacking Weakness
| [69456] Apache Tomcat Manager manager/html/sessions Multiple Parameter XSS
| [69275] Apache mod_fcgid Module fcgid_bucket.c fcgid_header_bucket_read() Function Remote Overflow
| [69067] Apache Shiro URI Path Security Traversal Information Disclosure
| [68815] Apache MyFaces shared/util/StateUtils.java View State MAC Weakness Cryptographic Padding Remote View State Modification
| [68670] Apache Qpid C++ Broker Component broker/SessionAdapter.cpp SessionAdapter::ExchangeHandlerImpl::checkAlternate Function Exchange Alternate Remote DoS
| [68669] Apache Qpid cluster/Cluster.cpp Cluster::deliveredEvent Function Invalid AMQP Data Remote DoS
| [68662] Apache Axis2 dswsbobje.war Module Admin Account Default Password
| [68531] Apache Qpid qpidd sys/ssl/SslSocket.cpp Incomplete SSL Handshake Remote DoS
| [68327] Apache APR-util buckets/apr_brigade.c apr_brigade_split_line() Function Memory Consumption DoS
| [68314] Apache XML-RPC SAX Parser External Entity Information Disclosure
| [67964] Apache Traffic Server Transaction ID / Source Port Randomization Weakness DNS Cache Poisoning
| [67846] SUSE Lifecycle Management Server on SUSE Linux Enterprise apache2-slms Parameter Quoting CSRF
| [67294] Apache CXF XML SOAP Message Crafted Document Type Declaration Remote DoS
| [67240] Apache CouchDB Installation Page Direct Request Arbitrary JavaScript Code Execution CSRF
| [67205] Apache Derby BUILTIN Authentication Password Hash Generation Algorithm SHA-1 Transformation Password Substitution
| [66745] Apache HTTP Server Multiple Modules Pathless Request Remote DoS
| [66319] Apache Tomcat Crafted Transfer-Encoding Header Handling Buffer Recycling Remote DoS
| [66280] Apache Struts XWork ParameterInterceptor Server-Side Object Remote Code Execution
| [66226] Apache Axis2 Admin Interface Cookie Session Fixation
| [65697] Apache Axis2 / Java SOAP Message DTD Rejection Weakness Arbitrary File Access
| [65654] Apache HTTP Server mod_proxy_http mod_proxy_http.c Timeout Detection Weakness HTTP Request Response Disclosure
| [65429] Apache MyFaces Unencrypted ViewState Serialized View Object Manipulation Arbitrary Expression Language (EL) Statement Execution
| [65054] Apache ActiveMQ Jetty Error Handler XSS
| [64844] Apache Axis2/Java axis2/axis2-admin/engagingglobally modules Parameter XSS
| [64522] Apache Open For Business Project (OFBiz) ecommerce/control/contactus Multiple Parameter XSS
| [64521] Apache Open For Business Project (OFBiz) Web Tools Section entityName Parameter XSS
| [64520] Apache Open For Business Project (OFBiz) ecommerce/control/ViewBlogArticle contentId Parameter XSS
| [64519] Apache Open For Business Project (OFBiz) Control Servlet URI XSS
| [64518] Apache Open For Business Project (OFBiz) Show Portal Page Section start Parameter XSS
| [64517] Apache Open For Business Project (OFBiz) View Profile Section partyId Parameter XSS
| [64516] Apache Open For Business Project (OFBiz) Export Product Listing Section productStoreId Parameter XSS
| [64307] Apache Tomcat Web Application Manager/Host Manager CSRF
| [64056] mod_auth_shadow for Apache HTTP Server wait() Function Authentication Bypass
| [64023] Apache Tomcat WWW-Authenticate Header Local Host Information Disclosure
| [64020] Apache ActiveMQ Jetty ResourceHandler Crafted Request JSP File Source Disclosure
| [63895] Apache HTTP Server mod_headers Unspecified Issue
| [63368] Apache ActiveMQ createDestination.action JMSDestination Parameter CSRF
| [63367] Apache ActiveMQ createDestination.action JMSDestination Parameter XSS
| [63350] Apache CouchDB Hash Verification Algorithm Predictable Execution Time Weakness
| [63140] Apache Thrift Service Malformed Data Remote DoS
| [62676] Apache HTTP Server mod_proxy_ajp Module Crafted Request Remote DoS
| [62675] Apache HTTP Server Multi-Processing Module (MPM) Subrequest Header Handling Cross-thread Information Disclosure
| [62674] Apache HTTP Server mod_isapi Module Unloading Crafted Request Remote DoS
| [62231] Apache HTTP Server Logging Format Weakness Crafted DNS Response IP Address Spoofing
| [62230] Apache HTTP Server Crafted DNS Response Inverse Lookup Log Corruption XSS
| [62054] Apache Tomcat WAR Filename Traversal Work-directory File Deletion
| [62053] Apache Tomcat Autodeployment Process appBase File HTTP Request Authentication Bypass
| [62052] Apache Tomcat WAR File Traversal Arbitrary File Overwrite
| [62009] Apache HTTP Server src/modules/proxy/proxy_util.c mod_proxy ap_proxy_send_fb() Function Overflow
| [61379] Apache River Outrigger Entry Storage Saturation Memory Exhaustion DoS
| [61378] Apache Hadoop Map/Reduce JobTracker Memory Consumption DoS
| [61377] Apache Commons Modeler Multiple Mutable Static Fields Weakness
| [61376] Apache Rampart wsse:security Tag Signature Value Checking Weakness
| [60687] Apache C++ Standard Library (STDCXX) strxfrm() Function Overflow
| [60680] Apache Hadoop JobHistory Job Name Manipulation Weakness
| [60679] Apache ODE DeploymentWebService OMElement zipPart CRLF Injection
| [60678] Apache Roller Comment Email Notification Manipulation DoS
| [60677] Apache CouchDB Unspecified Document Handling Remote DoS
| [60428] Sun Java Plug-in org.apache.crimson.tree.XmlDocument Class reateXmlDocument Method Floppy Drive Access Bypass
| [60413] mod_throttle for Apache Shared Memory File Manipulation Local Privilege Escalation
| [60412] Sun Java Plug-in org.apache.xalan.processor.XSLProcessorVersion Class Unsigned Applet Variable Sharing Privilege Escalation
| [60396] Apache HTTP Server on OpenBSD Multipart MIME Boundary Remote Information Disclosure
| [60395] Apache HTTP Server on OpenBSD ETag HTTP Header Remote Information Disclosure
| [60232] PHP on Apache php.exe Direct Request Remote DoS
| [60176] Apache Tomcat Windows Installer Admin Default Password
| [60016] Apache HTTP Server on HP Secure OS for Linux HTTP Request Handling Unspecified Issue
| [59979] Apache HTTP Server on Apple Mac OS X HTTP TRACE Method Unspecified Client XSS
| [59969] Apache HTTP Server mod_ssl SSL / TLS Renegotiation Handshakes MiTM Plaintext Data Injection
| [59944] Apache Hadoop jobhistory.jsp XSS
| [59374] Apache Solr Search Extension for TYPO3 Unspecified XSS
| [59022] Apache Shindig ConcatProxyServlet HTTP Header Response Splitting
| [59021] Apache Cocoon X-Cocoon-Version Header Remote Information Disclosure
| [59020] Apache Tapestry HTTPS Session Cookie Secure Flag Weakness
| [59019] Apache mod_python Cookie Salting Weakness
| [59018] Apache Harmony Error Message Handling Overflow
| [59013] Apache Derby SYSCS_EXPORT_TABLE Arbitrary File Overwrite
| [59012] Apache Derby Driver Auto-loading Non-deterministic Startup Weakness
| [59011] Apache JSPWiki Page Attachment Change Note Function XSS
| [59010] Apache Solr get-file.jsp XSS
| [59009] Apache Solr action.jsp XSS
| [59008] Apache Solr analysis.jsp XSS
| [59007] Apache Solr schema.jsp Multiple Parameter XSS
| [59006] Apache Beehive select / checkbox Tag XSS
| [59005] Apache Beehive jpfScopeID Global Parameter XSS
| [59004] Apache Beehive Error Message XSS
| [59003] Apache HttpClient POST Request Handling Memory Consumption DoS
| [59002] Apache Jetspeed default-page.psml URI XSS
| [59001] Apache Axis2 xsd Parameter Traversal Arbitrary File Disclosure
| [59000] Apache CXF Unsigned Message Policy Bypass
| [58999] Apache WSS4J CallbackHandler Plaintext Password Validation Weakness
| [58998] Apache OpenJPA persistence.xml Cleartext Password Local Disclosure
| [58997] Apache OpenEJB openejb.xml Cleartext Password Local Disclosure
| [58996] Apache Hadoop Map/Reduce LinuxTaskController File Group Ownership Weakness
| [58995] Apache Hadoop Map/Reduce Task Ownership Weakness
| [58994] Apache Hadoop Map/Reduce DistributedCache Localized File Permission Weakness
| [58993] Apache Hadoop browseBlock.jsp XSS
| [58991] Apache Hadoop browseDirectory.jsp XSS
| [58990] Apache Hadoop Map/Reduce HTTP TaskTrackers User Data Remote Disclosure
| [58989] Apache Hadoop Sqoop Process Listing Local Cleartext Password Disclosure
| [58988] Apache Hadoop Chukwa HICC Portal Unspecified XSS
| [58987] Apache Hadoop Map/Reduce TaskTracker User File Permission Weakness
| [58986] Apache Qpid Encrypted Message Handling Remote Overflow DoS
| [58985] Apache Qpid Process Listing Local Cleartext Password Disclosure
| [58984] Apache Jackrabbit Content Repository (JCR) Default Account Privilege Access Weakness
| [58983] Apache Jackrabbit Content Repository (JCR) NamespaceRegistry API Registration Method Race Condition
| [58982] Apache Synapse Proxy Service Security Policy Mismatch Weakness
| [58981] Apache Geronimo TomcatGeronimoRealm Security Context Persistence Weakness
| [58980] Apache Geronimo LDAP Realm Configuration Restart Reversion Weakness
| [58979] Apache MyFaces Tomahawk ExtensionsPhaseListener HTML Injection Information Disclosure
| [58978] Apache MyFaces Trinidad LocaleInfoScriptlet XSS
| [58977] Apache Open For Business Project (OFBiz) Multiple Default Accounts
| [58976] Apache Open For Business Project (OFBiz) URI passThru Parameter XSS
| [58975] Apache Open For Business Project (OFBiz) PARTYMGR_CREATE/UPDATE Permission Arbitrary User Password Modification
| [58974] Apache Sling /apps Script User Session Management Access Weakness
| [58973] Apache Tuscany Crafted SOAP Request Access Restriction Bypass
| [58931] Apache Geronimo Cookie Parameters Validation Weakness
| [58930] Apache Xalan-C++ XPath Handling Remote DoS
| [58879] Apache Portable Runtime (APR-util) poll/unix/port.c Event Port Backend Pollset Feature Remote DoS
| [58837] Apache Commons Net FTPSClient CipherSuites / Protocols Mutable Object Unspecified Data Security Issue
| [58813] Apache MyFaces Trinidad tr:table / HTML Comment Handling DoS
| [58812] Apache Open For Business Project (OFBiz) JSESSIONID Session Hijacking Weakness
| [58811] Apache Open For Business Project (OFBiz) /catalog/control/EditProductConfigItem configItemId Parameter XSS
| [58810] Apache Open For Business Project (OFBiz) /catalog/control/EditProdCatalo prodCatalogId Parameter XSS
| [58809] Apache Open For Business Project (OFBiz) /partymgr/control/viewprofile partyId Parameter XSS
| [58808] Apache Open For Business Project (OFBiz) /catalog/control/createProduct internalName Parameter XSS
| [58807] Apache Open For Business Project (OFBiz) Multiple Unspecified CSRF
| [58806] Apache FtpServer MINA Logging Filter Cleartext Credential Local Disclosure
| [58805] Apache Derby Unauthenticated Database / Admin Access
| [58804] Apache Wicket Header Contribution Unspecified Issue
| [58803] Apache Wicket Session Fixation
| [58802] Apache Directory Server (ApacheDS) userPassword Attribute Search Password Disclosure
| [58801] Apache ActiveMQ Stomp Client Credential Validation Bypass
| [58800] Apache Tapestry (context)/servicestatus Internal Service Information Disclosure
| [58799] Apache Tapestry Logging Cleartext Password Disclosure
| [58798] Apache Jetspeed pipeline Parameter pipeline-map Policy Bypass
| [58797] Apache Jetspeed Password Policy Multiple Weaknesses
| [58796] Apache Jetspeed Unsalted Password Storage Weakness
| [58795] Apache Rampart Crafted SOAP Header Authentication Bypass
| [58794] Apache Roller Admin Protocol (RAP) Malformed Header Authentication Bypass
| [58793] Apache Hadoop Map/Reduce mapred.system.dir Permission Weakness Job Manipulation
| [58792] Apache Shindig gadgets.rpc iframe RPC Call Validation Weakness
| [58791] Apache Synapse synapse.properties Cleartext Credential Local Disclosure
| [58790] Apache WSS4J SOAP Message UsernameToken Remote Password Disclosure
| [58789] Apache WSS4J SOAP Header Malformed UsernameToken Authentication Bypass
| [58776] Apache JSPWiki PreviewContent.jsp Edited Text XSS
| [58775] Apache JSPWiki preview.jsp action Parameter XSS
| [58774] Apache JSPWiki Edit.jsp Multiple Parameter XSS
| [58773] Apache JSPWiki Accept-Language Header Multiple Script language Parameter XSS
| [58772] Apache JSPWiki EditorManager.java editor Parameter XSS
| [58771] Apache JSPWiki GroupContent.jsp Multiple Parameter XSS
| [58770] Apache JSPWiki Group.jsp group Parameter XSS
| [58769] Apache JSPWiki Database Connection Termination DoS Weakness
| [58768] Apache JSPWiki Attachment Servlet nextpage Parameter Arbitrary Site Redirect
| [58766] Apache JSPWiki /admin/SecurityConfig.jsp Direct Request Information Disclosure
| [58765] Apache JSPWiki Spam Filter UniqueID RNG Weakness
| [58764] Apache JSPWiki Edit.jsp Multiple Parameter XSS
| [58763] Apache JSPWiki Include Tag Multiple Script XSS
| [58762] Apache JSPWiki Multiple .java Tags pageContext Parameter XSS
| [58761] Apache JSPWiki Wiki.jsp skin Parameter XSS
| [58760] Apache Commons VFS Exception Error Message Cleartext Credential Disclosure
| [58759] Apache Jackrabbit Content Repository (JCR) UUID System.currentTimeMillis() RNG Weakness
| [58758] Apache River GrantPermission Policy Manipulation Privilege Escalation
| [58757] Apache WS-Commons Java2 StaXUtils Multiple Unspecified Minor Issues
| [58756] Apache WSS4J WSHandler Client Certificate Signature Validation Weakness
| [58755] Apache Harmony DRLVM Non-public Class Member Access
| [58754] Apache Harmony File.createTempFile() Temporary File Creation Prediction Weakness
| [58751] Apache Geronimo GeronimoIdentityResolver Subject Handling Multiple Issues
| [58750] Apache MyFaces Trinidad Generated HTML Information Disclosure
| [58749] Apache MyFaces Trinidad Database Access Error Message Information Disclosure
| [58748] Apache MyFaces Trinidad Image Resource Loader Traversal Arbitrary Image Access
| [58747] Apache MyFaces Trinidad Error Message User Entered Data Disclosure Weakness
| [58746] Apache Axis2 JAX-WS Java2 WSDL4J Unspecified Issue
| [58744] Apache Wicket Crafted File Upload Disk Space Exhaustion DoS
| [58743] Apache Wicket wicket.util.crypt.SunJceCrypt Encryption Reversion Weakness
| [58742] Apache Rampart PolicyBasedValiadtor HttpsToken Endpoint Connection Weakness
| [58741] Apache Rampart WSSecSignature / WSSecEncryptedKey KeyIdentifierType Validation Weakness
| [58740] Apache Rampart TransportBinding Message Payload Cleartext Disclosure
| [58739] Apache Open For Business Project (OFBiz) Unsalted Password Storage Weakness
| [58738] Apache Open For Business Project (OFBiz) orderId Parameter Arbitrary Order Access
| [58737] Apache mod_python w/ mod_python.publisher index.py Underscore Prefixed Variable Disclosure
| [58735] Apache Open For Business Project (OFBiz) /ecommerce/control/keywordsearch SEARCH_STRING Parameter XSS
| [58734] Apache Torque Log File Cleartext Credential Local Disclosure
| [58733] Apache Axis2 doGet Implementation Authentication Bypass Service State Manipulation
| [58732] Apache MyFaces UIInput.validate() Null Value Validation Bypass Weakness
| [58731] Apache MyFaces /faces/* Prefix Mapping Authentication Bypass
| [58725] Apache Tapestry Basic String ACL Bypass Weakness
| [58724] Apache Roller Logout Functionality Failure Session Persistence
| [58723] Apache Roller User Profile / Admin Page Cleartext Password Disclosure
| [58722] Apache Derby Connection URL Encryption Method Reversion Weakness
| [58721] Apache Geronimo on Tomcat Security-constraint Resource ACL Bypass
| [58720] Apache Geronimo Explicit Servlet Mapping Access Bypass Weakness
| [58719] Apache Geronimo Keystore Unprivileged Service Disable DoS
| [58718] Apache Geronimo Deployment Plans Remote Password Disclosure
| [58717] Apache Jetspeed Portlet Application Edit Access Restriction Bypass
| [58716] Apache Jetspeed PSML Management Cached Constraint Authentication Weakness
| [58707] Apache WSS4J Crafted PasswordDigest Request Authentication Bypass
| [58706] Apache HttpClient Pre-emptive Authorization Remote Credential Disclosure
| [58705] Apache Directory Server (ApacheDS) User Passwords Cleartext Disclosure
| [58704] Apache Directory Server (ApacheDS) Non-existent User LDAP Bind Remote DoS
| [58703] Apache Geronimo Debug Console Unauthenticated Remote Information Disclosure
| [58702] Apache Directory Server (ApacheDS) Persistent LDAP Anonymous Bind Weakness
| [58701] Apache Jetspeed User Admin Portlet Unpassworded Account Creation Weakness
| [58700] Apache MyFaces /faces/* Path Handling Remote Overflow DoS
| [58699] Apache MyFaces Disable Property Client Side Manipulation Privilege Escalation
| [58698] Apache Roller Remember Me Functionality Cleartext Password Disclosure
| [58697] Apache XalanJ2 org.apache.xalan.xsltc.runtime.CallFunction Class Unspecified Issue
| [58696] Apache Tapestry Encoded Traversal Arbitrary File Access
| [58695] Apache Jetspeed Unauthenticated PSML Tags / Admin Folder Access
| [58694] Apache Geronimo Deploy Tool Process List Local Credential Disclosure
| [58693] Apache Derby service.properties File Encryption Key Information Disclosure
| [58692] Apache Geronimo Default Security Realm Login Brute Force Weakness
| [58689] Apache Roller Retrieve Last 5 Post Feature Unauthorized Blog Post Manipulation
17952| [58689] Apache Roller Retrieve Last 5 Post Feature Unauthorized Blog Post Manipulation
17953| [58688] Apache Xalan-Java (XalanJ2) Static Variables Multiple Unspecified Issues
17954| [58687] Apache Axis Invalid wsdl Request XSS
17955| [58686] Apache Cocoon Temporary File Creation Unspecified Race Condition
17956| [58685] Apache Velocity Template Designer Privileged Code Execution
17957| [58684] Apache Jetspeed controls.Customize Action Security Check Bypass
17958| [58675] Apache Open For Business Project (OFBiz) eCommerce/ordermgr Multiple Field XSS
17959| [58674] Apache Open For Business Project (OFBiz) ecommerce/control/login Multiple Field XSS
17960| [58673] Apache Open For Business Project (OFBiz) ecommerce/control/viewprofile Multiple Field XSS
17961| [58672] Apache Open For Business Project (OFBiz) POS Input Panel Cleartext Password Disclosure
17962| [58671] Apache Axis2 JMS Signed Message Crafted WS-Security Header Security Bypass
17963| [58670] Apache Jetspeed JetspeedTool.getPortletFromRegistry Portlet Security Validation Failure
17964| [58669] Apache Jetspeed LDAP Cleartext Passwords Disclosure
17965| [58668] Apache Axis External Entity (XXE) Data Parsing Privilege Escalation
17966| [58667] Apache Roller Database Cleartext Passwords Disclosure
17967| [58666] Apache Xerces-C++ UTF-8 Transcoder Overlong Code Handling Unspecified Issue
17968| [58665] Apache Jetspeed Turbine: Cross-user Privileged Action Execution
17969| [58664] Apache Jetspeed EditAccount.vm Password Modification Weakness
17970| [58663] Apache Jetspeed Role Parameter Arbitrary Portlet Disclosure
17971| [58662] Apache Axis JWS Page Generated .class File Direct Request Information Disclosure
17972| [58661] Apache Jetspeed user-form.vm Password Reset Cleartext Disclosure
17973| [58660] Apache WSS4J checkReceiverResults Function Crafted SOAP Request Authentication Bypass
17974| [58658] Apache Rampart Crafted SOAP Request Security Verification Bypass
17975| [57882] Apache HTTP Server mod_proxy_ftp Authorization HTTP Header Arbitrary FTP Command Injection
17976| [57851] Apache HTTP Server mod_proxy_ftp EPSV Command NULL Dereference Remote DoS
17977| [56984] Apache Xerces2 Java Malformed XML Input DoS
17978| [56903] Apache ODE (Orchestration Director Engine) Process Deployment Web Service Traversal Arbitrary File Manipulation
17979| [56859] Apache Xerces-C++ Multiple Sub-project XML Nested DTD Structures Parsing Recursion Error DoS
17980| [56766] Apache Portable Runtime (APR-util) memory/unix/apr_pools.c Relocatable Memory Block Aligning Overflow
| [56765] Apache Portable Runtime (APR-util) misc/apr_rmm.c Multiple Function Overflows
| [56517] Apache HTTP Server File Descriptor Leak Arbitrary Local File Append
| [56443] PTK Unspecified Apache Sub-process Arbitrary Command Execution
| [56414] Apache Tiles Duplicate Expression Language (EL) Expression Evaluation XSS
| [55814] mod_NTLM for Apache HTTP Server ap_log_rerror() Function Remote Format String
| [55813] mod_NTLM for Apache HTTP Server log() Function Remote Overflow
| [55782] Apache HTTP Server mod_deflate Module Aborted Connection DoS
| [55553] Apache HTTP Server mod_proxy Module mod_proxy_http.c stream_reqbody_cl Function CPU Consumption DoS
| [55059] Apache APR-util strmatch/apr_strmatch.c apr_strmatch_precompile Function Crafted Input Remote DoS
| [55058] Apache APR-util apr_brigade_vprintf Function Crafted Input Off-by-one Remote DoS
| [55057] Apache APR-util xml/apr_xml.c apr_xml_* Interface Expat XML Parser Crafted XML Document Remote DoS
| [55056] Apache Tomcat Cross-application TLD File Manipulation
| [55055] Apache Tomcat Illegal URL Encoded Password Request Username Enumeration
| [55054] Apache Tomcat Java AJP Connector mod_jk Load Balancing Worker Malformed Header Remote DoS
| [55053] Apache Tomcat Crafted Request Security Restraint Bypass Arbitrary Content Access
| [54733] Apache HTTP Server AllowOverride Directive .htaccess Options Bypass
| [54713] razorCMS Security Manager apache User Account Unspecified File Permission Weakness Issue
| [54589] Apache Jserv Nonexistent JSP Request XSS
| [54122] Apache Struts s:a / s:url Tag href Element XSS
| [54093] Apache ActiveMQ Web Console JMS Message XSS
| [53932] Apache Geronimo Multiple Admin Function CSRF
| [53931] Apache Geronimo /console/portal/Server/Monitoring Multiple Parameter XSS
| [53930] Apache Geronimo /console/portal/ URI XSS
| [53929] Apache Geronimo on Windows Security/Keystores Portlet Traversal Arbitrary File Upload
| [53928] Apache Geronimo on Windows Embedded DB/DB Manager Portlet Traversal Arbitrary File Upload
| [53927] Apache Geronimo on Windows Services/Repository Portlet Traversal Arbitrary File Upload
| [53921] Apache HTTP Server mod_proxy_ajp Cross Thread/Session Information Disclosure
| [53766] Oracle BEA WebLogic Server Plug-ins for Apache Certificate Handling Remote Overflow
| [53574] PHP on Apache .htaccess mbstring.func_overload Setting Cross Hosted Site Behavior Modification
| [53381] Apache Tomcat JK Connector Content-Length Header Cross-user Information Disclosure
| [53380] Apache Struts Unspecified XSS
| [53289] Apache mod_perl Apache::Status /perl-status Unspecified XSS
| [53186] Apache HTTP Server htpasswd Predictable Salt Weakness
| [52899] Apache Tomcat Examples Web Application Calendar Application jsp/cal/cal2.jsp time Parameter XSS
| [52407] Apache Tomcat doRead Method POST Content Information Disclosure
| [51923] Apache HTTP Server mod-auth-mysql Module mod_auth_mysql.c Multibyte Character Encoding SQL Injection
| [51613] Apache HTTP Server Third-party Module Child Process File Descriptor Leak
| [51612] Apache HTTP Server Internal Redirect Handling Infinite Loop DoS
| [51468] Apache Jackrabbit Content Repository (JCR) swr.jsp q Parameter XSS
| [51467] Apache Jackrabbit Content Repository (JCR) search.jsp q Parameter XSS
| [51151] Apache Roller Search Function q Parameter XSS
| [50482] PHP with Apache php_value Order Unspecified Issue
| [50475] Novell NetWare ApacheAdmin Console Unauthenticated Access
| [49734] Apache Struts DefaultStaticContentLoader Class Traversal Arbitrary File Access
| [49733] Apache Struts FilterDispatcher Class Traversal Arbitrary File Access
| [49283] Oracle BEA WebLogic Server Plugins for Apache Remote Transfer-Encoding Overflow
| [49062] Apache Tomcat Cross-thread Concurrent Request Variable Overwrite Information Disclosure
| [48847] ModSecurity (mod_security) Transformation Caching Unspecified Apache DoS
| [48788] Apache Xerces-C++ XML Schema maxOccurs Value XML File Handling DoS
| [47474] Apache HTTP Server mod_proxy_ftp Directory Component Wildcard Character XSS
| [47464] Apache Tomcat allowLinking / UTF-8 Traversal Arbitrary File Access
| [47463] Apache Tomcat RequestDispatcher Traversal Arbitrary File Access
| [47462] Apache Tomcat HttpServletResponse.sendError Method Message Argument XSS
| [47096] Oracle Weblogic Apache Connector POST Request Overflow
| [46382] Frontend Filemanager (air_filemanager) Extension for TYPO3 on Apache Unspecified Arbitrary Code Execution
| [46285] TYPO3 on Apache Crafted Filename Upload Arbitrary Command Execution
| [46085] Apache HTTP Server mod_proxy ap_proxy_http_process_response() Function Interim Response Forwarding Remote DoS
| [45905] Apache Tomcat Host Manager host-manager/html/add name Parameter XSS
| [45879] Ragnarok Online Control Panel on Apache Crafted Traversal Authentication Bypass
| [45742] Apache HTTP Server on Novell Unspecified Request Directive Internal IP Disclosure
| [45740] Apache Derby DropSchemaNode Bind Phase Arbitrary Scheme Statement Dropping
| [45599] Apache Derby Lock Table Statement Privilege Requirement Bypass Arbitrary Table Lock
| [45585] Apache Derby ACCSEC Command RDBNAM Parameter Cleartext Credential Disclosure
| [45584] Apache Derby DatabaseMetaData.getURL Function Cleartext Credential Disclosure
| [45420] Apache HTTP Server 403 Error Page UTF-7 Encoded XSS
| [44728] PHP Toolkit on Gentoo Linux Interpretation Conflict Apache HTTP Server Local DoS
| [44618] Oracle JSP Apache/Jserv Path Translation Traversal Arbitrary JSP File Execution
| [44159] Apache HTTP Server Remote Virtual Host Name Disclosure
| [43997] Apache-SSL ExpandCert() Function Certificate Handling Arbitrary Environment Variables Manipulation
| [43994] suPHP for Apache (mod_suphp) Directory Symlink Local Privilege Escalation
| [43993] suPHP for Apache (mod_suphp) Owner Mode Race Condition Symlink Local Privilege Escalation
| [43663] Apache HTTP Server Mixed Platform AddType Directive Crafted Request PHP Source Disclosure
| [43658] AuthCAS Module (AuthCAS.pm) for Apache HTTP Server SESSION_COOKIE_NAME SQL Injection
| [43452] Apache Tomcat HTTP Request Smuggling
| [43309] Apache Geronimo LoginModule Login Method Bypass
| [43290] Apache JSPWiki Entry Page Attachment Unrestricted File Upload
| [43259] Apache HTTP Server on Windows mod_proxy_balancer URL Handling Remote Memory Corruption
| [43224] Apache Geronimo on SuSE Linux init Script Symlink Unspecified File/Directory Access
| [43189] Apache mod_jk2 Host Header Multiple Fields Remote Overflow
| [42937] Apache HTTP Server mod_proxy_balancer balancer-manager Unspecified CSRF
| [42341] MOD_PLSQL for Apache Unspecified URL SQL Injection
| [42340] MOD_PLSQL for Apache CGI Environment Handling Unspecified Overflow
| [42214] Apache HTTP Server mod_proxy_ftp UTF-7 Encoded XSS
| [42091] Apache Maven Site Plugin Installation Permission Weakness
| [42089] Apache Maven .m2/settings.xml Cleartext Password Disclosure
| [42088] Apache Maven Defined Repo Process Listing Password Disclosure
| [42087] Apache Maven Site Plugin SSH Deployment Permission Setting Weakness
| [42036] Apache HTTP Server MS-DOS Device Request Host OS Disclosure
| [41891] BEA WebLogic Apache Beehive NetUI Page Flow Unspecified XSS
| [41436] Apache Tomcat Native APR Connector Duplicate Request Issue
| [41435] Apache Tomcat %5C Cookie Handling Session ID Disclosure
| [41434] Apache Tomcat Exception Handling Subsequent Request Information Disclosure
| [41400] LimeSurvey save.php Apache Log File PHP Code Injection
| [41029] Apache Tomcat Calendar Examples Application cal2.jsp Multiple Parameter CSRF
| [41019] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload XSS
| [41018] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload CRLF
| [40853] Apache Tomcat SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) JSESSIONIDSSO Cookie Security Weakness
| [40264] Apache HTTP Server mod_proxy_balancer balancer_handler Function bb Variable Remote DoS
| [40263] Apache HTTP Server mod_proxy_balancer balancer-manager Multiple Parameter XSS
| [40262] Apache HTTP Server mod_status refresh XSS
| [39833] Apache Tomcat JULI Logging Component catalina.policy Security Bypass
| [39251] Coppermine Photo Gallery on Apache Multiple File Extension Upload Arbitrary Code Execution
| [39166] Apache Tomcat on Windows caseSensitive Attribute Mixed Case Request JSP Source Disclosure
| [39134] Apache mod_imagemap Module Imagemap Unspecified XSS
| [39133] Apache mod_imap Module Imagemap File Unspecified XSS
| [39035] Apache Tomcat examples/servlet/CookieExample Multiple Parameter XSS
| [39003] Apache HTTP Server HTTP Method Header Request Entity Too Large XSS
| [39000] Apache Tomcat SendMailServlet sendmail.jsp mailfrom Parameter XSS
| [38939] Apache HTTP Server Prefork MPM Module Array Modification Local DoS
| [38673] Apache Jakarta Slide WebDAV SYSTEM Request Traversal Arbitrary File Access
| [38662] Apache Geronimo SQLLoginModule Nonexistent User Authentication Bypass
| [38661] Apache Geronimo MEJB Unspecified Authentication Bypass
| [38641] Apache HTTP Server mod_mem_cache recall_headers Function Information Disclosure
| [38640] Apache HTTP Server suexec Document Root Unauthorized Operations
| [38639] Apache HTTP Server suexec Multiple Symlink Privilege Escalation
| [38636] Apache HTTP Server mod_autoindex.c P Variable UTF-7 Charset XSS
| [38513] BEA WebLogic Server Proxy Plug-in for Apache Protocol Error Handling Remote DoS
| [38187] Apache Geronimo / Tomcat WebDAV XML SYSTEM Tag Arbitrary File Access
| [37079] Apache HTTP Server mod_cache cache_util.c Malformed Cache-Control Header DoS
| [37071] Apache Tomcat Cookie Handling Session ID Disclosure
| [37070] Apache Tomcat Cookie Handling Quote Delimiter Session ID Disclosure
| [37052] Apache HTTP Server mod_status mod_status.c Unspecified XSS
| [37051] Apache HTTP Server mod_proxy modules/proxy/proxy_util.c Crafted Header Remote DoS
| [37050] Apache HTTP Server Prefork MPM Module Crafted Code Sequence Local DoS
| [36417] Apache Tomcat Host Manager Servlet html/add Action aliases Parameter XSS
| [36377] Apache MyFaces Tomahawk JSF Application autoscroll Multiple Script XSS
| [36080] Apache Tomcat JSP Examples Crafted URI XSS
| [36079] Apache Tomcat Manager Uploaded Filename XSS
| [34888] Apache Tomcat Example Calendar Application cal2.jsp time Parameter XSS
| [34887] Apache Tomcat implicit-objects.jsp Crafted Header XSS
| [34885] Apache Tomcat on IIS Servlet Engine MS-DOS Device Request DoS
| [34884] Apache Tomcat on Windows Nonexistent Resource Request Path Disclosure
| [34883] Apache Tomcat Crafted JSP File Request Path Disclosure
| [34882] Apache Tomcat Default SSL Ciphersuite Configuration Weakness
| [34881] Apache Tomcat Malformed Accept-Language Header XSS
| [34880] Apache Tomcat HTTP/1.1 Connector NULL Byte Request JSP Source Disclosure
| [34879] Apache Tomcat examples/jsp2/jspx/textRotate.jspx XSS
| [34878] Apache Tomcat examples/jsp2/el/implicit-objects.jsp XSS
| [34877] Apache Tomcat JK Web Server Connector (mod_jk) Double Encoded Traversal Arbitrary File Access
| [34876] Apache HTTP Server ScriptAlias CGI Source Disclosure
| [34875] Apache Tomcat appdev/sample/web/hello.jsp Multiple Parameter XSS
| [34874] Apache Tomcat AJP Connector mod_jk ajp_process_callback Remote Memory Disclosure
| [34873] Apache Stats Variable Extraction _REQUEST Ssuperglobal Array Overwrite
| [34872] Apache HTTP Server suexec User/Group Combination Weakness Local Privilege Escalation
| [34769] Apache Tomcat w/ Proxy Module Double Encoded Traversal Arbitrary File Access
| [34541] mod_perl for Apache HTTP Server RegistryCooker.pm PATH_INFO Crafted URI Remote DoS
| [34540] mod_perl for Apache HTTP Server PerlRun.pm PATH_INFO Crafted URI Remote DoS
| [34398] Apache Tomcat mod_jk Invalid Chunked Encoded Body Information Disclosure
| [34154] Apache Axis Nonexistent Java Web Service Path Disclosure
| [33855] Apache Tomcat JK Web Server Connector mod_jk.so Long URI Worker Map Remote Overflow
| [33816] Apache HTTP Server on Debian Linux TTY Local Privilege Escalation
| [33456] Apache HTTP Server Crafted TCP Connection Range Header DoS
| [33346] Avaya Multiple Products Apache Tomcat Port Weakness
| [32979] Apache Java Mail Enterprise Server (JAMES) Phoenix/MX4J Interface Arbitrary User Creation
| [32978] Apache Java Mail Enterprise Server (JAMES) POP3Server Log File Plaintext Password Disclosure
| [32724] Apache mod_python _filter_read Freed Memory Disclosure
| [32723] Apache Tomcat semicolon Crafted Filename Request Forced Directory Listing
| [32396] Apache Open For Business Project (OFBiz) Ecommerce Component Forum Implementation Message Body XSS
| [32395] Apache Open For Business Project (OFBiz) Ecommerce Component Form Field Manipulation Privilege Escalation
| [30354] Linux Subversion libapache2-svn Search Path Subversion Local Privilege Escalation
| [29603] PHP ini_restore() Apache httpd.conf Options Bypass
| [29536] Apache Tcl mod_tcl set_var Function Remote Format String
| [28919] Apache Roller Weblogger Blog Comment Multiple Field XSS
| [28130] PHP with Apache Mixed Case Method Limit Directive Bypass
| [27913] Apache HTTP Server on Windows mod_alias URL Validation Canonicalization CGI Source Disclosure
| [27588] Apache HTTP Server mod_rewrite LDAP Protocol URL Handling Overflow
| [27487] Apache HTTP Server Crafted Expect Header Cross Domain HTML Injection
| [26935] FCKeditor on Apache connector.php Crafted File Extension Arbitrary File Upload
| [26572] Apache Java Mail Enterprise Server (JAMES) MAIL Command Overflow DoS
| [25909] Drupal on Apache files Directory File Upload Arbitrary Code Execution
| [24825] Oracle ModPL/SQL for Apache Unspecified Remote HTTP Issue
| [24365] Apache Struts Multiple Function Error Message XSS
| [24364] Apache Struts getMultipartRequestHandler() Function Crafted Request DoS
| [24363] Apache Struts org.apache.struts.taglib.html.Constants.CANCEL Validation Bypass
| [24103] Pubcookie Apache mod_pubcookie Unspecified XSS
| [23906] Apache mod_python for Apache HTTP Server FileSession Privileged Local Command Execution
| [23905] Apache Log4net LocalSyslogAppender Format String Memory Corruption DoS
| [23198] Apache WSS4J Library SOAP Signature Verification Bypass
| [23124] Generic Apache Request Library (libapreq) apreq_parse_* Functions Remote DoS
| [22652] mod_php for Apache HTTP Server Crafted import_request_variables Function DoS
| [22475] PHP w/ Apache PDO::FETCH_CLASS __set() Function DoS
| [22473] PHP w/ Apache2 Crafted PDOStatement DoS
| [22459] Apache Geronimo Error Page XSS
| [22458] Apache Tomcat / Geronimo Sample Script cal2.jsp time Parameter XSS
| [22301] auth_ldap for Apache HTTP Server auth_ldap_log_reason() Function Remote Format String
| [22261] Apache HTTP Server mod_ssl ssl_hook_Access Error Handling DoS
| [22259] mod_auth_pgsql for Apache HTTP Server Log Function Format String
| [21736] Apache Java Mail Enterprise Server (JAMES) Spooler retrieve Function DoS
| [21705] Apache HTTP Server mod_imap Image Map Referer XSS
| [21021] Apache Struts Error Message XSS
| [20897] PHP w/ Apache 2 SAPI virtual() Function Unspecified INI Setting Disclosure
| [20491] PHP mod_php apache2handler SAPI Crafted .htaccess DoS
| [20462] Apache HTTP Server worker.c MPM Memory Exhaustion DoS
| [20439] Apache Tomcat Directory Listing Saturation DoS
| [20373] Apache Tomcat on HP Secure OS for Linux Unspecified Servlet Access Issue
| [20285] Apache HTTP Server Log File Control Character Injection
| [20242] Apache HTTP Server mod_usertrack Predictable Session ID Generation
| [20209] Brainf*ck Module (mod_bf) for Apache HTTP Server Local Overflow
| [20033] Apache Tomcat MS-DOS Device Request Error Message Path Disclosure
| [19883] apachetop atop.debug Symlink Arbitrary File Overwrite
| [19863] mod_auth_shadow for Apache HTTP Server require group Authentication Bypass
| [19855] Apache HTTP Server ErrorDocument Directive .htaccess Bypass
| [19821] Apache Tomcat Malformed Post Request Information Disclosure
| [19769] Apache HTTP Server Double-reverse DNS Lookup Spoofing
| [19188] Apache HTTP Server mod_ssl SSLVerifyClient Per-location Context Restriction Bypass
| [19137] Apache HTTP Server on Red Hat Linux Double Slash GET Request Forced Directory Listing
| [19136] Apache on Mandrake Linux Arbitrary Directory Forced Listing
| [18977] Apache HTTP Server Crafted HTTP Range Header DoS
| [18389] Ragnarok Online Control Panel Apache Authentication Bypass
| [18286] Apache HTTP Server mod_ssl ssl_callback_SSLVerify_CRL( ) Function Overflow
| [18233] Apache HTTP Server htdigest user Variable Overfow
| [17738] Apache HTTP Server HTTP Request Smuggling
| [16586] Apache HTTP Server Win32 GET Overflow DoS
| [15889] Apache HTTP Server mod_cgid Threaded MPM CGI Output Misdirection
| [14896] mod_dav for Apache HTTP Server Remote Null Dereference Child Process Termination
| [14879] Apache HTTP Server ap_log_rerror Function Error Message Path Disclosure
| [14770] Apache Tomcat AJP12 Protocol Malformed Packet Remote DoS
| [14597] Apache Tomcat IntegerOverflow.jsp Test JSP Script Path Disclosure
| [14596] Apache Tomcat pageSession.jsp Test JSP Script Path Disclosure
| [14595] Apache Tomcat pageLanguage.jsp Test JSP Script Path Disclosure
| [14594] Apache Tomcat pageIsThreadSafe.jsp Test JSP Script Path Disclosure
| [14593] Apache Tomcat pageIsErrorPage.jsp Test JSP Script Path Disclosure
| [14592] Apache Tomcat pageInvalid.jsp Test JSP Script Path Disclosure
| [14591] Apache Tomcat pageExtends.jsp Test JSP Script Path Disclosure
| [14590] Apache Tomcat pageDouble.jsp Test JSP Script Path Disclosure
| [14589] Apache Tomcat pageAutoFlush.jsp Test JSP Script Path Disclosure
| [14588] Apache Tomcat extends2.jsp Test JSP Script Path Disclosure
| [14587] Apache Tomcat extends1.jsp Test JSP Script Path Disclosure
| [14586] Apache Tomcat comments.jsp Test JSP Script Path Disclosure
| [14585] Apache Tomcat buffer4.jsp Test JSP Script Path Disclosure
| [14584] Apache Tomcat buffer3.jsp Test JSP Script Path Disclosure
| [14583] Apache Tomcat buffer2.jsp Test JSP Script Path Disclosure
| [14582] Apache Tomcat buffer1.jsp Test JSP Script Path Disclosure
| [14581] Apache Tomcat pageImport2.jsp Test JSP Script Path Disclosure
| [14580] Apache Tomcat pageInfo.jsp Test JSP Script Path Disclosure
| [14410] mod_frontpage for Apache HTTP Server fpexec Remote Overflow
| [14044] Apache Batik Squiggle Browser with Rhino Scripting Engine Unspecified File System Access
| [13737] mod_access_referer for Apache HTTP Server Malformed Referer DoS
| [13711] Apache mod_python publisher.py Traversal Arbitrary Object Information Disclosure
| [13640] mod_auth_any for Apache HTTP Server on Red Hat Linux Metacharacter Command Execution
| [13304] Apache Tomcat realPath.jsp Path Disclosure
| [13303] Apache Tomcat source.jsp Arbitrary Directory Listing
| [13087] Apache HTTP Server mod_log_forensic check_forensic Symlink Arbitrary File Creation / Overwrite
| [12849] mod_auth_radius for Apache HTTP Server radcpy() Function Overflow DoS
| [12848] Apache HTTP Server htdigest realm Variable Overflow
| [12721] Apache Tomcat examples/jsp2/el/functions.jsp XSS
| [12720] mod_dosevasive for Apache HTTP Server Symlink Arbitrary File Create/Overwrite
| [12558] Apache HTTP Server IPv6 FTP Proxy Socket Failure DoS
| [12557] Apache HTTP Server prefork MPM accept Error DoS
| [12233] Apache Tomcat MS-DOS Device Name Request DoS
| [12232] Apache Tomcat with JDK Arbitrary Directory/Source Disclosure
| [12231] Apache Tomcat web.xml Arbitrary File Access
| [12193] Apache HTTP Server on Mac OS X File Handler Bypass
| [12192] Apache HTTP Server on Mac OS X Unauthorized .ht and .DS_Store File Access
| [12178] Apache Jakarta Lucene results.jsp XSS
| [12176] mod_digest_apple for Apache HTTP Server on Mac OS X Authentication Replay
| [11391] Apache HTTP Server Header Parsing Space Saturation DoS
| [11003] Apache HTTP Server mod_include get_tag() Function Local Overflow
| [10976] mod_mylo for Apache HTTP Server mylo_log Logging Function HTTP GET Overflow
| [10637] Apache HTTP Server mod_ssl SSLCipherSuite Access Restriction Bypass
| [10546] Macromedia JRun4 mod_jrun Apache Module Remote Overflow
| [10471] Apache Xerces-C++ XML Parser DoS
| [10218] Apache HTTP Server Satisfy Directive Access Control Bypass
| [10068] Apache HTTP Server htpasswd Local Overflow
| [10049] mod_cplusplus For Apache HTTP Server Unspecified Overflow
| [9994] Apache HTTP Server apr-util IPV6 Parsing DoS
| [9991] Apache HTTP Server ap_resolve_env Environment Variable Local Overflow
| [9948] mod_dav for Apache HTTP Server LOCK Request DoS
| [9742] Apache HTTP Server mod_ssl char_buffer_read Function Reverse Proxy DoS
| [9718] Apache HTTP Server Win32 Single Dot Append Arbitrary File Access
| [9717] Apache HTTP Server mod_cookies Cookie Overflow
| [9716] Apache::Gallery Gallery.pm Inline::C Predictable Filename Code Execution
| [9715] Apache HTTP Server rotatelogs Control Characters Over Pipe DoS
| [9714] Apache Authentication Module Threaded MPM DoS
| [9713] Apache HTTP Server on OS2 filestat.c Device Name Request DoS
| [9712] Apache HTTP Server Multiple Linefeed Request Memory Consumption DoS
| [9711] Apache HTTP Server Access Log Terminal Escape Sequence Injection
| [9710] Apache HTTP Server on Windows Illegal Character Default Script Mapping Bypass
| [9709] Apache HTTP Server on Windows MS-DOS Device Name HTTP Post Code Execution
| [9708] Apache HTTP Server on Windows MS-DOS Device Name DoS
| [9707] Apache HTTP Server Duplicate MIME Header Saturation DoS
| [9706] Apache Web Server Multiple MIME Header Saturation Remote DoS
| [9705] Apache Tomcat Invoker/Default Servlet Source Disclosure
| [9702] Apache HTTP Server CGI/WebDAV HTTP POST Request Source Disclosure
| [9701] Apache HTTP Server for Windows Multiple Slash Forced Directory Listing
| [9700] Apache HTTP Server mod_autoindex Multiple Slash Request Forced Directory Listing
| [9699] Apache HTTP Server mod_dir Multiple Slash Request Forced Directory Listing
| [9698] Apache HTTP Server mod_negotiation Multiple Slash Request Forced Directory Listing
| [9697] Apache HTTP Server htdigest Local Symlink Arbitrary File Overwrite
| [9696] Apache HTTP Server htpasswd Local Symlink Arbitrary File Overwrite
| [9695] Apache Tomcat SnoopServlet Servlet Information Disclosure
| [9694] PHP3 on Apache HTTP Server Encoded Traversal Arbitrary File Access
| [9693] mod_auth_pgsql_sys for Apache HTTP Server User Name SQL Injection
| [9692] Apache HTTP Server mod_vhost_alias Mass Virtual Hosting Arbitrary File Access
| [9691] Apache HTTP Server mod_rewrite Mass Virtual Hosting Arbitrary File Access
| [9690] Apache HTTP Server mod_vhost_alias CGI Program Source Disclosure
| [9689] Trustix httpsd for Apache-SSL Permission Weakness Privilege Escalation
| [9688] Apache HTTP Server mod_proxy Malformed FTP Command DoS
| [9687] Apache::AuthenSmb smbval SMB Authentication Library Multiple Overflows
| [9686] Apache::AuthenSmb smbvalid SMB Authentication Library Multiple Overflows
| [9523] Apache HTTP Server mod_ssl Aborted Connection DoS
| [9459] Oracle PL/SQL (mod_plsql) Apache Module Help Page Request Remote Overflow
| [9208] Apache Tomcat .jsp Encoded Newline XSS
| [9204] Apache Tomcat ROOT Application XSS
| [9203] Apache Tomcat examples Application XSS
| [9068] Apache HTTP Server mod_userdir User Account Information Disclosure
| [8773] Apache Tomcat Catalina org.apache.catalina.servlets.DefaultServlet Source Code Disclosure
| [8772] Apache Tomcat Catalina org.apache.catalina.connector.http DoS
| [7943] Apache HTTP Server mod_ssl sslkeys File Disclosure
| [7942] Apache HTTP Server mod_ssl Default Pass Phrase
| [7941] Apache HTTP Server mod_ssl Encrypted Private Key File Descriptor Leak
| [7935] Apache HTTP Server mod_ssl ssl_gcache Race Conditions
| [7934] Apache HTTP Server mod_ssl SSLSessionCache File Content Disclosure
| [7933] Apache HTTP Server mod_ssl SSLMutex File Content Disclosure
| [7932] Apache HTTP Server mod_ssl mkcert.sh File Creation Permission Weakness
| [7931] Apache HTTP Server mod_ssl X.509 Client Certificate Authentication Bypass
| [7930] Apache HTTP Server mod_ssl ssl_expr_eval_func_file() Overflow
| [7929] Apache HTTP Server mod_ssl ssl_engine_log.c mod_proxy Hook Function Remote Format String
| [7611] Apache HTTP Server mod_alias Local Overflow
| [7394] Apache Tomcat mod_jk Invalid Transfer-Encoding Chunked Field DoS
| [7203] Apache Tomcat source.jsp Traversal Arbitrary File Access
| [7039] Apache HTTP Server on Mac OS X HFS+ File System Access Bypass
| [6882] Apache mod_python Malformed Query String Variant DoS
| [6839] Apache HTTP Server mod_proxy Content-Length Overflow
| [6630] Apache Tomcat Java Server Pages (JSP) Engine WPrinterJob() DoS
| [6472] Apache HTTP Server mod_ssl ssl_util_uuencode_binary Remote Overflow
| [5821] Apache HTTP Server Multiple / GET Remote Overflow DoS
| [5580] Apache Tomcat Servlet Malformed URL JSP Source Disclosure
| [5552] Apache HTTP Server split-logfile Arbitrary .log File Overwrite
| [5526] Apache Tomcat Long .JSP URI Path Disclosure
| [5278] Apache Tomcat web.xml Restriction Bypass
| [5051] Apache Tomcat Null Character DoS
| [4973] Apache Tomcat servlet Mapping XSS
| [4650] mod_gzip for Apache HTTP Server Debug Mode Printf Stack Overflow
| [4649] mod_gzip for Apache HTTP Server Debug Mode Format String Overflow
| [4648] mod_gzip for Apache HTTP Server Debug Mode Race Condition
| [4568] mod_survey For Apache ENV Tags SQL Injection
| [4553] Apache HTTP Server ApacheBench Overflow DoS
| [4552] Apache HTTP Server Shared Memory Scoreboard DoS
| [4446] Apache HTTP Server mod_disk_cache Stores Credentials
| [4383] Apache HTTP Server Socket Race Condition DoS
| [4382] Apache HTTP Server Log Entry Terminal Escape Sequence Injection
| [4340] Apache Portable Runtime (APR) apr_psprintf DoS
| [4232] Apache Cocoon DatabaseAuthenticatorAction SQL Injection
| [4231] Apache Cocoon Error Page Server Path Disclosure
| [4182] Apache HTTP Server mod_ssl Plain HTTP Request DoS
| [4181] Apache HTTP Server mod_access IP Address Netmask Rule Bypass
| [4075] Apache HTTP Sever on Windows .var File Request Path Disclosure
| [4037] Apache HTTP Server on Cygwin Encoded GET Request Arbitrary File Access
| [3877] Apache-SSL SSLVerifyClient SSLFakeBasicAuth Client Certificate Forgery
| [3819] Apache HTTP Server mod_digest Cross Realm Credential Replay
| [3322] mod_php for Apache HTTP Server Process Hijack
| [3215] mod_php for Apache HTTP Server File Descriptor Leakage
| [2885] Apache mod_python Malformed Query String DoS
| [2749] Apache Cocoon view-source Sample File Traversal Arbitrary File Access
| [2733] Apache HTTP Server mod_rewrite Local Overflow
| [2672] Apache HTTP Server mod_ssl SSLCipherSuite Ciphersuite Downgrade Weakness
| [2613] Apache HTTP Server mod_cgi stderr Output Handling Local DoS
| [2149] Apache::Gallery Privilege Escalation
| [2107] Apache HTTP Server mod_ssl Host: Header XSS
| [1926] Apache HTTP Server mod_rewrite Crafted URI Rule Bypass
| [1833] Apache HTTP Server Multiple Slash GET Request DoS
| [1577] Apache HTTP Server mod_rewrite RewriteRule Expansion Arbitrary File Access
| [872] Apache Tomcat Multiple Default Accounts
| [862] Apache HTTP Server SSI Error Page XSS
| [859] Apache HTTP Server Win32 Crafted Traversal Arbitrary File Access
| [849] Apache Tomcat TroubleShooter Servlet Information Disclosure
| [845] Apache Tomcat MSDOS Device XSS
| [844] Apache Tomcat Java Servlet Error Page XSS
| [842] Apache HTTP Server mod_ssl ssl_compat_directive Function Overflow
| [838] Apache HTTP Server Chunked Encoding Remote Overflow
| [827] PHP4 for Apache on Windows php.exe Malformed Request Path Disclosure
18353| [775] Apache mod_python Module Importing Privilege Function Execution
18354| [769] Apache HTTP Server Win32 DOS Batch File Arbitrary Command Execution
18355| [756] Apache HTTP Server mod_ssl i2d_SSL_SESSION Function SSL Client Certificate Overflow
18356| [701] Apache HTTP Server Win32 ScriptAlias php.exe Arbitrary File Access
18357| [674] Apache Tomcat Nonexistent File Error Message Path Disclosure
18358| [637] Apache HTTP Server UserDir Directive Username Enumeration
18359| [623] mod_auth_pgsql for Apache HTTP Server User Name SQL Injection
18360| [582] Apache HTTP Server Multiviews Feature Arbitrary Directory Listing
18361| [562] Apache HTTP Server mod_info /server-info Information Disclosure
18362| [561] Apache Web Servers mod_status /server-status Information Disclosure
18363| [417] Apache HTTP Server on SuSE Linux /doc/packages Remote Information Disclosure
18364| [410] mod_perl for Apache HTTP Server /perl/ Directory Listing
18365| [404] Apache HTTP Server on SuSE Linux WebDAV PROPFIND Arbitrary Directory Listing
18366| [402] Apache HTTP Server on SuSE Linux cgi-bin-sdb Request Script Source Disclosure
18367| [379] Apache ASP module Apache::ASP source.asp Example File Arbitrary File Creation
18368| [377] Apache Tomcat Snoop Servlet Remote Information Disclosure
18369| [376] Apache Tomcat contextAdmin Arbitrary File Access
18370| [342] Apache HTTP Server for Windows Multiple Forward Slash Directory Listing
18371| [222] Apache HTTP Server test-cgi Arbitrary File Access
18372| [143] Apache HTTP Server printenv.pl Multiple Method CGI XSS
18373| [48] Apache HTTP Server on Debian /usr/doc Directory Information Disclosure
18374|_
139/tcp closed netbios-ssn
443/tcp open   ssl/https?
445/tcp closed microsoft-ds
Aggressive OS guesses: Microsoft Windows Vista SP1 (91%), Microsoft Windows 7 SP1 or Windows Server 2008 (89%), Microsoft Windows 7 Ultimate (89%), Microsoft Windows 8.1 (89%), Microsoft Windows 7 SP1 or Windows Server 2008 SP2 (89%), Microsoft Windows Windows 7 SP1 (89%), Microsoft Windows Vista Home Premium SP1, Windows 7, or Windows Server 2008 (89%), Microsoft Windows 8.1 Enterprise (88%), Microsoft Windows Server 2008 R2 (88%), Asus RT-AC66U router (Linux 2.6) (88%)
No exact OS matches for host (test conditions non-ideal).
Uptime guess: 92.618 days (since Wed Jul 24 05:15:44 2019)
Network Distance: 2 hops
TCP Sequence Prediction: Difficulty=261 (Good luck!)
IP ID Sequence Generation: Incremental

TRACEROUTE (using port 25/tcp)
HOP RTT       ADDRESS
1   235.46 ms 10.249.204.1
2   235.46 ms www1.nikkei-buturyu.co.jp (219.101.223.158)

NSE: Script Post-scanning.
Initiating NSE at 20:06
Completed NSE at 20:06, 0.00s elapsed
Initiating NSE at 20:06
Completed NSE at 20:06, 0.00s elapsed
######################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2019-10-24 20:06 EDT
NSE: Loaded 47 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 20:06
Completed NSE at 20:06, 0.00s elapsed
Initiating NSE at 20:06
Completed NSE at 20:06, 0.00s elapsed
Initiating Parallel DNS resolution of 1 host. at 20:06
Completed Parallel DNS resolution of 1 host. at 20:06, 0.02s elapsed
Initiating UDP Scan at 20:06
Scanning www1.nikkei-buturyu.co.jp (219.101.223.158) [15 ports]
Completed UDP Scan at 20:06, 4.58s elapsed (15 total ports)
Initiating Service scan at 20:06
Scanning 13 services on www1.nikkei-buturyu.co.jp (219.101.223.158)
Service scan Timing: About 7.69% done; ETC: 20:27 (0:19:36 remaining)
Completed Service scan at 20:07, 102.58s elapsed (13 services on 1 host)
Initiating OS detection (try #1) against www1.nikkei-buturyu.co.jp (219.101.223.158)
Retrying OS detection (try #2) against www1.nikkei-buturyu.co.jp (219.101.223.158)
Initiating Traceroute at 20:08
Completed Traceroute at 20:08, 7.18s elapsed
Initiating Parallel DNS resolution of 1 host. at 20:08
Completed Parallel DNS resolution of 1 host. at 20:08, 0.00s elapsed
NSE: Script scanning 219.101.223.158.
Initiating NSE at 20:08
Completed NSE at 20:08, 7.81s elapsed
Initiating NSE at 20:08
Completed NSE at 20:08, 1.94s elapsed
Nmap scan report for www1.nikkei-buturyu.co.jp (219.101.223.158)
Host is up (0.20s latency).

PORT     STATE         SERVICE      VERSION
53/udp   open|filtered domain
67/udp   open|filtered dhcps
68/udp   open|filtered dhcpc
69/udp   open|filtered tftp
88/udp   open|filtered kerberos-sec
123/udp  open|filtered ntp
137/udp  filtered      netbios-ns
138/udp  filtered      netbios-dgm
139/udp  open|filtered netbios-ssn
161/udp  open|filtered snmp
162/udp  open|filtered snmptrap
389/udp  open|filtered ldap
500/udp  open|filtered isakmp
|_ike-version: ERROR: Script execution failed (use -d to debug)
520/udp  open|filtered route
2049/udp open|filtered nfs
Too many fingerprints match this host to give specific OS details

TRACEROUTE (using port 137/udp)
HOP RTT       ADDRESS
1   153.69 ms 10.249.204.1
2 ... 3
4   100.92 ms 10.249.204.1
5   301.25 ms 10.249.204.1
6   301.25 ms 10.249.204.1
7   301.25 ms 10.249.204.1
8   301.23 ms 10.249.204.1
9   201.65 ms 10.249.204.1
10  101.35 ms 10.249.204.1
11 ... 18
19  148.42 ms 10.249.204.1
20  100.70 ms 10.249.204.1
21 ... 27
28  100.50 ms 10.249.204.1
29 ...
30  160.34 ms 10.249.204.1

NSE: Script Post-scanning.
Initiating NSE at 20:08
Completed NSE at 20:08, 0.00s elapsed
Initiating NSE at 20:08
Completed NSE at 20:08, 0.00s elapsed
######################################################################################################################################
Hosts
=====

address mac name os_name os_flavor os_sp purpose info comments
------- --- ---- ------- --------- ----- ------- ---- --------
219.101.223.158 www1.nikkei-buturyu.co.jp Windows Vista client

Services
========

host             port  proto  name          state     info
----             ----  -----  ----          -----     ----
219.101.223.158  25    tcp    smtp          closed
219.101.223.158  53    udp    domain        unknown
219.101.223.158  67    udp    dhcps         unknown
219.101.223.158  68    udp    dhcpc         unknown
219.101.223.158  69    udp    tftp          unknown
219.101.223.158  80    tcp    http          open      Apache httpd
219.101.223.158  88    udp    kerberos-sec  unknown
219.101.223.158  123   udp    ntp           unknown
219.101.223.158  137   udp    netbios-ns    filtered
219.101.223.158  138   udp    netbios-dgm   filtered
219.101.223.158  139   tcp    netbios-ssn   closed
219.101.223.158  139   udp    netbios-ssn   unknown
219.101.223.158  161   udp    snmp          unknown
219.101.223.158  162   udp    snmptrap      unknown
219.101.223.158  389   udp    ldap          unknown
219.101.223.158  443   tcp    ssl/https     open
219.101.223.158  445   tcp    microsoft-ds  closed
219.101.223.158  500   udp    isakmp        unknown
219.101.223.158  520   udp    route         unknown
219.101.223.158  2049  udp    nfs           unknown
#######################################################################################################################################
 Anonymous JTSEC #OpWhales Full Recon #49