CVSS: 7.6EPSS: 92%CPEs: 7EXPL: 5CVE-2006-3747 – Apache < 1.3.37/2.0.59/2.2.3 mod_rewrite - Remote Overflow
https://notcve.org/view.php?id=CVE-2006-3747
28 Jul 2006 — Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules. Error de superación de límite (off-by-one) en el esquema ldap manejado en el modulo Rewrite (mod_rewrite) en Apache 1.3 desde 1.3.28, 2.0.... • https://www.exploit-db.com/exploits/2237 • CWE-189: Numeric Errors •
CVSS: 6.1EPSS: 91%CPEs: 8EXPL: 5CVE-2006-3918 – Apache 1.3.35/2.0.58/2.2.2 - Arbitrary HTTP Request Headers Security
https://notcve.org/view.php?id=CVE-2006-3918
28 Jul 2006 — http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file. http_protocol.c en (1) IBM HTTP Server 6.0 anterioa a 6.0.2.13 y 6... • https://www.exploit-db.com/exploits/28424 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.1EPSS: 5%CPEs: 40EXPL: 0CVE-2006-0435
https://notcve.org/view.php?id=CVE-2006-0435
26 Jan 2006 — Unspecified vulnerability in Oracle PL/SQL (PLSQL), as used in Database Server DS 9.2.0.7 and 10.1.0.5, Application Server 1.0.2.2, 9.0.4.2, 10.1.2.0.2, 10.1.2.1.0, and 10.1.3.0.0, E-Business Suite and Applications 11.5.10, and Collaboration Suite 10.1.1, 10.1.2.0, 10.1.2.1, and 9.0.4.2, allows attackers to bypass the PLSQLExclusion list and access excluded packages and procedures, aka Vuln# PLSQL01. • http://lists.grok.org.uk/pipermail/full-disclosure/2006-February/041898.html •
CVSS: 6.1EPSS: 37%CPEs: 3EXPL: 0CVE-2005-3352 – httpd cross-site scripting flaw in mod_imap
https://notcve.org/view.php?id=CVE-2005-3352
13 Dec 2005 — Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el módulo mod_imap de Apache httpd anteriores a 1.3.35-dev y Apache httpd 2.0.x anteriores a 2.0.56-dev permite a atacantes remotos inyectar 'script' web o HTML de su elección mediante el Referente cuan... • ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2004-2343
https://notcve.org/view.php?id=CVE-2004-2343
31 Dec 2004 — Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess file restrictions, as specified in httpd.conf with directives such as Deny From All, by using an ErrorDocument directive. NOTE: the vendor has disputed this issue, since the .htaccess mechanism is only intended to restrict external web access, and a local user already has the privileges to perform the same operations without using ErrorDocument • http://archives.neohapsis.com/archives/bugtraq/2004-02/0043.html •
CVSS: 7.5EPSS: 81%CPEs: 1EXPL: 1CVE-2004-0942 – Apache 2.0.52 - GET Denial of Service
https://notcve.org/view.php?id=CVE-2004-0942
04 Nov 2004 — Apache webserver 2.0.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request with a MIME header containing multiple lines with a large number of space characters. • https://www.exploit-db.com/exploits/855 •
CVSS: 7.8EPSS: 4%CPEs: 21EXPL: 3CVE-2004-0940 – Apache 1.3.31 mod_include - Local Buffer Overflow
https://notcve.org/view.php?id=CVE-2004-0940
26 Oct 2004 — Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error. • https://www.exploit-db.com/exploits/587 • CWE-131: Incorrect Calculation of Buffer Size •
CVSS: 7.5EPSS: 1%CPEs: 50EXPL: 0CVE-2004-0263
https://notcve.org/view.php?id=CVE-2004-0263
01 Sep 2004 — PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global variables between virtual hosts that are handled by the same Apache child process but have different settings, which could allow remote attackers to obtain sensitive information. PHP 4.3.4 y anteriores en Apache 1.x y 2.x (mod_php) pude filtrar variables globales entre servidores virtuales con diferente configuración que son manejadas por el mismo proceso hijo de Apache, lo que podría permitir a atacantes remotos obtener información sensi... • http://security.gentoo.org/glsa/glsa-200402-01.xml •
CVSS: 10.0EPSS: 18%CPEs: 17EXPL: 0CVE-2004-0492 – httpd mod_proxy buffer overflow
https://notcve.org/view.php?id=CVE-2004-0492
23 Jun 2004 — Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied. Desbordamiento de búfer basado en el montón en proxy_util.c de mod_proxy en Apache 1.3.25 a 1.3.31 permite a atacantes remotos causar un denegación de servicio (caída del proceso) y posiblemente ejecutar código de su elecció... • ftp://patches.sgi.com/support/free/security/advisories/20040605-01-U.asc •
CVSS: 7.5EPSS: 36%CPEs: 11EXPL: 2CVE-2004-0173 – Apache Cygwin 1.3.x/2.0.x - Directory Traversal
https://notcve.org/view.php?id=CVE-2004-0173
15 Apr 2004 — Directory traversal vulnerability in Apache 1.3.29 and earlier, and Apache 2.0.48 and earlier, when running on Cygwin, allows remote attackers to read arbitrary files via a URL containing "..%5C" (dot dot encoded backslash) sequences. Vulnerabilidad de atravesamiento de directorios en Apache 1.3.29 y anteriores, y Apache 2.0.48 y anteriores, cuando se ejecuta sobre Cygwin, permite a atacantes remotos leer ficheros arbitrarios mediante una URL conteniendo secuencias "..%5C" (punto punto barra atrás codificad... • https://www.exploit-db.com/exploits/23751 •