Filtered by vendor Apache
Subscribe
Total
2295 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2006-0743 | 1 Apache | 1 Log4net | 2024-11-21 | 5.0 MEDIUM | N/A |
Format string vulnerability in LocalSyslogAppender in Apache log4net 1.2.9 might allow remote attackers to cause a denial of service (memory corruption and termination) via unknown vectors. | |||||
CVE-2006-0254 | 1 Apache | 1 Geronimo | 2024-11-21 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer. | |||||
CVE-2006-0042 | 2 Apache, Debian | 2 Libapreq2, Debian Linux | 2024-11-21 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in (1) apreq_parse_headers and (2) apreq_parse_urlencoded functions in Apache2::Request (Libapreq2) before 2.07 allows remote attackers to cause a denial of service (CPU consumption) via unknown attack vectors that result in quadratic computational complexity. | |||||
CVE-2005-4849 | 1 Apache | 1 Derby | 2024-11-21 | 5.0 MEDIUM | N/A |
Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC command and (b) the output of the DatabaseMetaData.getURL function, which allows context-dependent attackers to obtain sensitive information. | |||||
CVE-2005-4838 | 1 Apache | 1 Tomcat | 2024-11-21 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the example web applications for Jakarta Tomcat 5.5.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) el/functions.jsp, (2) el/implicit-objects.jsp, and (3) jspx/textRotate.jspx in examples/jsp2/, as demonstrated via script in a request to snp/snoop.jsp. NOTE: other XSS issues in the manager were simultaneously reported, but these require admin access and do not cross privilege boundaries. | |||||
CVE-2005-4836 | 1 Apache | 1 Tomcat | 2024-11-21 | 7.8 HIGH | N/A |
The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information. | |||||
CVE-2005-4703 | 1 Apache | 1 Tomcat | 2024-11-21 | 5.0 MEDIUM | N/A |
Apache Tomcat 4.0.3, when running on Windows, allows remote attackers to obtain sensitive information via a request for a file that contains an MS-DOS device name such as lpt9, which leaks the pathname in an error message, as demonstrated by lpt9.xtp using Nikto. | |||||
CVE-2005-3745 | 1 Apache | 1 Struts | 2024-11-21 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message. | |||||
CVE-2005-3510 | 1 Apache | 1 Tomcat | 2024-11-21 | 5.0 MEDIUM | N/A |
Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files. | |||||
CVE-2005-3357 | 1 Apache | 1 Http Server | 2024-11-21 | 5.4 MEDIUM | N/A |
mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference. | |||||
CVE-2005-3352 | 1 Apache | 1 Http Server | 2024-11-21 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps. | |||||
CVE-2005-3351 | 1 Apache | 1 Spamassassin | 2024-11-21 | 5.0 MEDIUM | N/A |
SpamAssassin 3.0.4 allows attackers to bypass spam detection via an e-mail with a large number of recipients ("To" addresses), which triggers a bus error in Perl. | |||||
CVE-2005-3164 | 2 Apache, Hitachi | 2 Tomcat, Cosminexus Application Server | 2024-11-21 | 2.6 LOW | N/A |
The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when "unsuitable request body data" is used for a different request, possibly related to Java Servlet pages. | |||||
CVE-2005-2970 | 4 Apache, Canonical, Fedoraproject and 1 more | 6 Http Server, Ubuntu Linux, Fedora Core and 3 more | 2024-11-21 | 5.0 MEDIUM | N/A |
Memory leak in the worker MPM (worker.c) for Apache 2, in certain circumstances, allows remote attackers to cause a denial of service (memory consumption) via aborted connections, which prevents the memory for the transaction pool from being reused for other connections. | |||||
CVE-2005-2728 | 1 Apache | 1 Http Server | 2024-11-21 | 5.0 MEDIUM | N/A |
The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field. | |||||
CVE-2005-2700 | 3 Apache, Canonical, Debian | 3 Http Server, Ubuntu Linux, Debian Linux | 2024-11-21 | 10.0 HIGH | N/A |
ssl_engine_kernel.c in mod_ssl before 2.8.24, when using "SSLVerifyClient optional" in the global virtual host configuration, does not properly enforce "SSLVerifyClient require" in a per-location context, which allows remote attackers to bypass intended access restrictions. | |||||
CVE-2005-2090 | 1 Apache | 1 Tomcat | 2024-11-20 | 4.3 MEDIUM | N/A |
Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Tomcat to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling." | |||||
CVE-2005-2088 | 2 Apache, Debian | 2 Http Server, Debian Linux | 2024-11-20 | 4.3 MEDIUM | N/A |
The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling." | |||||
CVE-2005-1344 | 1 Apache | 1 Http Server | 2024-11-20 | 7.5 HIGH | N/A |
Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability. | |||||
CVE-2005-1268 | 3 Apache, Debian, Redhat | 5 Http Server, Debian Linux, Enterprise Linux Desktop and 2 more | 2024-11-20 | 5.0 MEDIUM | N/A |
Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte. |