CVSS: 9.4EPSS: 0%CPEs: 4EXPL: 1CVE-2008-0456 – httpd: mod_negotiation CRLF injection via untrusted file names in directories with MultiViews enabled
https://notcve.org/view.php?id=CVE-2008-0456
25 Jan 2008 — CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by uploading a file with a multi-line name containing HTTP header sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP re... • http://lists.apple.com/archives/security-announce/2009/May/msg00002.html • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 9.8EPSS: 1%CPEs: 6EXPL: 0CVE-2007-6423
https://notcve.org/view.php?id=CVE-2007-6423
12 Jan 2008 — Unspecified vulnerability in mod_proxy_balancer for Apache HTTP Server 2.2.x before 2.2.7-dev, when running on Windows, allows remote attackers to trigger memory corruption via a long URL. NOTE: the vendor could not reproduce this issue ** CUESTIONABLE ** Vulnerabilidad no especificada en mod_proxy_balancer para Apache HTTP Server 2.2.x, en versiones anteriores a la 2.2.7-dev, cuando se ejecuta en Windows, permite que atacantes remotos provoquen una corrupción de memoria usando una URL larga. NOTA: el vende... • http://securityreason.com/securityalert/3523 • CWE-399: Resource Management Errors •
CVSS: 8.8EPSS: 21%CPEs: 10EXPL: 0CVE-2007-6420 – mod_proxy_balancer: mod_proxy_balancer CSRF
https://notcve.org/view.php?id=CVE-2007-6420
12 Jan 2008 — Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors. Una vulnerabilidad de tipo cross-site request forgery (CSRF) en el controlador-balanceador en el componente mod_proxy_balancer en el servidor HTTP de Apache versión 2.2.x, permite a los atacantes remotos conseguir privilegios por medio de vectores no especificados. • http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 7%CPEs: 8EXPL: 2CVE-2008-0005 – mod_proxy_ftp XSS
https://notcve.org/view.php?id=CVE-2008-0005
12 Jan 2008 — mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding. mod_proxy_ftp en Apache 2.2.x antes de la versión 2.2.7-dev, 2.0.x antes de la2.0.62-dev, y 1.3.x antes de 1.3.40-dev, no define un conjunto de caracteres, lo que permite que atacantes remootos puedan llevar a cabo ataques de secuencias de comandos (XSS) en sitios cruzados usando una c... • http://docs.info.apple.com/article.html?artnum=307562 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 1%CPEs: 7EXPL: 0CVE-2007-6421 – httpd mod_proxy_balancer cross-site scripting
https://notcve.org/view.php?id=CVE-2007-6421
08 Jan 2008 — Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL. La vulnerabilidad de tipo cross-site-scripting (XSS) en el controlador-balanceador en el componente mod_proxy_balancer en el servidor HTTP de Apache versión 2.2.0 hasta 2.2.6, permite a los atacantes remotos inyectar scripts web o HTML arbitrarios por medio ... • http://docs.info.apple.com/article.html?artnum=307562 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 18%CPEs: 7EXPL: 0CVE-2007-6422 – httpd mod_proxy_balancer crash
https://notcve.org/view.php?id=CVE-2007-6422
08 Jan 2008 — The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service (child process crash) via an invalid bb variable. La función balancer_handler en el componente mod_proxy_balancer en el servidor HTTP de Apache versión 2.2.0 hasta 2.2.6, cuando se utiliza un módulo de procesamiento múltiple enhebrado, permite a los usuarios autenticados remotos causar una denegación... • http://httpd.apache.org/security/vulnerabilities_22.html • CWE-399: Resource Management Errors •
CVSS: 6.1EPSS: 28%CPEs: 3EXPL: 0CVE-2007-6388 – apache mod_status cross-site scripting
https://notcve.org/view.php?id=CVE-2007-6388
08 Jan 2008 — Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS), en mod_status, dentro de Apache HTTP Server, en versiones 2.2.0 hasta 2.2.6, 2.0.35 hasta 2.0.61, y 1.3.2 hasta 1.3.39, cuando la página server-status está activada, ... • http://docs.info.apple.com/article.html?artnum=307562 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 1%CPEs: 3EXPL: 1CVE-2007-6514 – Apache 2.2.6 (Windows) - Share PHP File Extension Mapping Information Disclosure
https://notcve.org/view.php?id=CVE-2007-6514
21 Dec 2007 — Apache HTTP Server, when running on Linux with a document root on a Windows share mounted using smbfs, allows remote attackers to obtain unprocessed content such as source files for .php programs via a trailing "\" (backslash), which is not handled by the intended AddType directive. Apache HTTP Server, cuando funciona sobre Linux con un documento root sobre un Windows compartido utilizando smbfs, permite a atacantes remotos obtener contenido no procesado como un archivo fuente para programas .php a través d... • https://www.exploit-db.com/exploits/30901 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 39%CPEs: 15EXPL: 0CVE-2007-5000 – httpd: mod_imagemap XSS
https://notcve.org/view.php?id=CVE-2007-5000
13 Dec 2007 — Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en los módulos (1) mod_imap en Apache HTTP Server 1.3.0 hasta 1.3.39 y 2.0.35 hasta 2.0.61, y (2) mod_imagemap en Apache HTTP Server 2.2.0 ... • http://docs.info.apple.com/article.html?artnum=307562 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 95%CPEs: 25EXPL: 3CVE-2007-6203 – Apache 2.2.4 - 413 Error HTTP Request Method Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2007-6203
03 Dec 2007 — Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918. Apache HTTP Server 2.0.x y 2.2.x no sanea la cabecera de especificador de HTTP Met... • https://www.exploit-db.com/exploits/30835 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •