CVSS: 6.5EPSS: 16%CPEs: 7EXPL: 0CVE-2007-6422 – httpd mod_proxy_balancer crash
https://notcve.org/view.php?id=CVE-2007-6422
08 Jan 2008 — The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service (child process crash) via an invalid bb variable. La función balancer_handler en el componente mod_proxy_balancer en el servidor HTTP de Apache versión 2.2.0 hasta 2.2.6, cuando se utiliza un módulo de procesamiento múltiple enhebrado, permite a los usuarios autenticados remotos causar una denegación... • http://httpd.apache.org/security/vulnerabilities_22.html • CWE-399: Resource Management Errors •
CVSS: 6.1EPSS: 28%CPEs: 3EXPL: 0CVE-2007-6388 – apache mod_status cross-site scripting
https://notcve.org/view.php?id=CVE-2007-6388
08 Jan 2008 — Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS), en mod_status, dentro de Apache HTTP Server, en versiones 2.2.0 hasta 2.2.6, 2.0.35 hasta 2.0.61, y 1.3.2 hasta 1.3.39, cuando la página server-status está activada, ... • http://docs.info.apple.com/article.html?artnum=307562 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 1%CPEs: 3EXPL: 1CVE-2007-6514 – Apache 2.2.6 (Windows) - Share PHP File Extension Mapping Information Disclosure
https://notcve.org/view.php?id=CVE-2007-6514
21 Dec 2007 — Apache HTTP Server, when running on Linux with a document root on a Windows share mounted using smbfs, allows remote attackers to obtain unprocessed content such as source files for .php programs via a trailing "\" (backslash), which is not handled by the intended AddType directive. Apache HTTP Server, cuando funciona sobre Linux con un documento root sobre un Windows compartido utilizando smbfs, permite a atacantes remotos obtener contenido no procesado como un archivo fuente para programas .php a través d... • https://www.exploit-db.com/exploits/30901 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 39%CPEs: 15EXPL: 0CVE-2007-5000 – httpd: mod_imagemap XSS
https://notcve.org/view.php?id=CVE-2007-5000
13 Dec 2007 — Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en los módulos (1) mod_imap en Apache HTTP Server 1.3.0 hasta 1.3.39 y 2.0.35 hasta 2.0.61, y (2) mod_imagemap en Apache HTTP Server 2.2.0 ... • http://docs.info.apple.com/article.html?artnum=307562 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 95%CPEs: 25EXPL: 3CVE-2007-6203 – Apache 2.2.4 - 413 Error HTTP Request Method Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2007-6203
03 Dec 2007 — Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918. Apache HTTP Server 2.0.x y 2.2.x no sanea la cabecera de especificador de HTTP Met... • https://www.exploit-db.com/exploits/30835 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 4%CPEs: 2EXPL: 0CVE-2007-4465 – mod_autoindex XSS
https://notcve.org/view.php?id=CVE-2007-4465
14 Sep 2007 — Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en mod_autoindex.c en el servidor HTT... • http://bugs.gentoo.org/show_bug.cgi?id=186219 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 3%CPEs: 8EXPL: 0CVE-2007-3847 – httpd: out of bounds read
https://notcve.org/view.php?id=CVE-2007-3847
23 Aug 2007 — The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read. La fecha que maneja el código en modules/proxy/proxy_util.c (mod_proxy) en Apache 2.3.0, cuando se utiliza un MPM hilado, permite a servidores origen remotos provocar denegación de servicio (caida del proceso de proxy del cacheo de respuesta)a travé... • http://bugs.gentoo.org/show_bug.cgi?id=186219 • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 88%CPEs: 38EXPL: 0CVE-2007-1863 – httpd mod_cache segfault
https://notcve.org/view.php?id=CVE-2007-1863
27 Jun 2007 — cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value. cache_util.c en el módulo mod_cache module en Apache HTTP Server (httpd), cuando caching está habilitado y el módulo de hilos Multi-Processing Module (MPM) est... • http://bugs.gentoo.org/show_bug.cgi?id=186219 •
CVSS: 6.1EPSS: 32%CPEs: 17EXPL: 0CVE-2006-5752 – httpd mod_status XSS
https://notcve.org/view.php?id=CVE-2006-5752
27 Jun 2007 — Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified. Vulnerabilidad de secuencia de comandos en sitios cruzados (XSS) en mod_status.c en el módulo mod_status en Apache HTTP Server (httpd)... • http://bugs.gentoo.org/show_bug.cgi?id=186219 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 12%CPEs: 1EXPL: 2CVE-2007-3340 – BugHunter HTTP Server 1.6.2 - 'httpsv.exe' GET 404 Remote Denial of Service
https://notcve.org/view.php?id=CVE-2007-3340
21 Jun 2007 — BugHunter HTTP SERVER (httpsv.exe) 1.6.2 allows remote attackers to cause a denial of service (application crash) via a large number of requests for nonexistent pages. El servidor HTTP (httpsv.exe) de BugHunter versión 1.6.2, permite a los atacantes remotos causar una denegación de servicio (bloqueo de aplicación) por medio de un gran número de peticiones de páginas inexistentes. • https://www.exploit-db.com/exploits/9478 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •