CVSS: 5.0EPSS: 0%CPEs: 12EXPL: 0CVE-2010-2068 – (mod_proxy): Sensitive response disclosure due improper handling of timeouts
https://notcve.org/view.php?id=CVE-2010-2068
mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. mod_proxy_http.c en mod_proxy_http en el servidor Apache HTTP v2.2.9 hasta v2.2.15, v2.3.4-alpha, y 2.3.5-alpha en Windows, NetWare, y OS/2, en algunas configuraciones que implique grupos de trabajo proxy, no detecta de forma adecuada los "timeouts" lo que permite a atacantes remotos obtener una respuesta potencialmente sensibles, destinada a un cliente diferente en circunstancias oportunistas a través de una petición HTTP normal. • http://httpd.apache.org/security/vulnerabilities_22.html http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html http://mail-archives.apache.org/mod_mbox/httpd-announce/201006.mbox/%3C4C12933D.4060400%40apache.org%3E http://marc.info/?l=apache-announce&m=128009718610929&w=2 http://secunia.com/advisories/40206 http://secunia.com/advisories/40824 http://secunia.com/advisories/41480 http://secunia.com/advisories/41490 http://secunia.com/advisories/41722 http://securit • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 0CVE-2006-6675
https://notcve.org/view.php?id=CVE-2006-6675
Cross-site scripting (XSS) vulnerability in Novell NetWare 6.5 Support Pack 5 and 6 and Novell Apache on NetWare 2.0.48 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in Welcome web-app. Vulnerabilidad de XSS en Novell NetWare 6.5 Support Pack 5 y 6 y Novell Apache en NetWare 2.0.48 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de parámetros no especificados en la aplicación web Welcome. • http://secunia.com/advisories/23406 http://www.securityfocus.com/bid/21678 http://www.vupen.com/english/advisories/2006/5090 https://secure-support.novell.com/KanisaPlatform/Publishing/514/3319127_f.SAL_Public.html •
CVSS: 5.0EPSS: 0%CPEs: 4EXPL: 0CVE-1999-0929
https://notcve.org/view.php?id=CVE-1999-0929
Novell NetWare with Novell-HTTP-Server or YAWN web servers allows remote attackers to conduct a denial of service via a large number of HTTP GET requests. • https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0929 •