CVSS: 9.8EPSS: 27%CPEs: 44EXPL: 0CVE-2006-4154
https://notcve.org/view.php?id=CVE-2006-4154
16 Oct 2006 — Format string vulnerability in the mod_tcl module 1.0 for Apache 2.x allows context-dependent attackers to execute arbitrary code via format string specifiers that are not properly handled in a set_var function call in (1) tcl_cmds.c and (2) tcl_core.c. Vulnerabilidad de cadena de formato en el módulo mod_tcl 1.0 para Apache 2.x permite a atacantes locales o remotos (dependiendo del contexto) ejecutar código de su elección mediante especificadores de cadena de formato que no se manejan adecuadamente en una ... • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=421 •
CVSS: 7.5EPSS: 31%CPEs: 3EXPL: 3CVE-2006-4110 – Apache 2.2.2 - CGI Script Source Code Information Disclosure
https://notcve.org/view.php?id=CVE-2006-4110
14 Aug 2006 — Apache 2.2.2, when running on Windows, allows remote attackers to read source code of CGI programs via a request that contains uppercase (or alternate case) characters that bypass the case-sensitive ScriptAlias directive, but allow access to the file on case-insensitive file systems. Apache 2.2.2, cuando se ejecuta en Windows, permite a atacantes remotos leer código fuente de programas CGI mediante una petición que contenga caracteres en mayúscula (o mayúsculas alternadas) que evitan la directiva ScripAlias... • https://www.exploit-db.com/exploits/28365 •
CVSS: 7.6EPSS: 92%CPEs: 7EXPL: 5CVE-2006-3747 – Apache < 1.3.37/2.0.59/2.2.3 mod_rewrite - Remote Overflow
https://notcve.org/view.php?id=CVE-2006-3747
28 Jul 2006 — Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules. Error de superación de límite (off-by-one) en el esquema ldap manejado en el modulo Rewrite (mod_rewrite) en Apache 1.3 desde 1.3.28, 2.0.... • https://www.exploit-db.com/exploits/2237 • CWE-189: Numeric Errors •
CVSS: 6.1EPSS: 91%CPEs: 8EXPL: 5CVE-2006-3918 – Apache 1.3.35/2.0.58/2.2.2 - Arbitrary HTTP Request Headers Security
https://notcve.org/view.php?id=CVE-2006-3918
28 Jul 2006 — http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file. http_protocol.c en (1) IBM HTTP Server 6.0 anterioa a 6.0.2.13 y 6... • https://www.exploit-db.com/exploits/28424 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.1EPSS: 5%CPEs: 40EXPL: 0CVE-2006-0435
https://notcve.org/view.php?id=CVE-2006-0435
26 Jan 2006 — Unspecified vulnerability in Oracle PL/SQL (PLSQL), as used in Database Server DS 9.2.0.7 and 10.1.0.5, Application Server 1.0.2.2, 9.0.4.2, 10.1.2.0.2, 10.1.2.1.0, and 10.1.3.0.0, E-Business Suite and Applications 11.5.10, and Collaboration Suite 10.1.1, 10.1.2.0, 10.1.2.1, and 9.0.4.2, allows attackers to bypass the PLSQLExclusion list and access excluded packages and procedures, aka Vuln# PLSQL01. • http://lists.grok.org.uk/pipermail/full-disclosure/2006-February/041898.html •
CVSS: 7.5EPSS: 23%CPEs: 26EXPL: 0CVE-2005-3357
https://notcve.org/view.php?id=CVE-2005-3357
31 Dec 2005 — mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference. • ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U • CWE-399: Resource Management Errors •
CVSS: 6.1EPSS: 37%CPEs: 3EXPL: 0CVE-2005-3352 – httpd cross-site scripting flaw in mod_imap
https://notcve.org/view.php?id=CVE-2005-3352
13 Dec 2005 — Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el módulo mod_imap de Apache httpd anteriores a 1.3.35-dev y Apache httpd 2.0.x anteriores a 2.0.56-dev permite a atacantes remotos inyectar 'script' web o HTML de su elección mediante el Referente cuan... • ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 8%CPEs: 11EXPL: 0CVE-2005-2970
https://notcve.org/view.php?id=CVE-2005-2970
25 Oct 2005 — Memory leak in the worker MPM (worker.c) for Apache 2, in certain circumstances, allows remote attackers to cause a denial of service (memory consumption) via aborted connections, which prevents the memory for the transaction pool from being reused for other connections. • http://mail-archives.apache.org/mod_mbox/httpd-cvs/200509.mbox/%3C20051001110218.40692.qmail%40minotaur.apache.org%3E • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 10.0EPSS: 4%CPEs: 5EXPL: 0CVE-2005-2700
https://notcve.org/view.php?id=CVE-2005-2700
06 Sep 2005 — ssl_engine_kernel.c in mod_ssl before 2.8.24, when using "SSLVerifyClient optional" in the global virtual host configuration, does not properly enforce "SSLVerifyClient require" in a per-location context, which allows remote attackers to bypass intended access restrictions. • http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html •
CVSS: 7.5EPSS: 61%CPEs: 24EXPL: 0CVE-2005-2728
https://notcve.org/view.php?id=CVE-2005-2728
29 Aug 2005 — The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field. • ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U •