CVSS: 7.5EPSS: 97%CPEs: 100EXPL: 7CVE-2011-3368 – Apache mod_proxy - Reverse Proxy Exposure
https://notcve.org/view.php?id=CVE-2011-3368
05 Oct 2011 — The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character. El módulo mod_proxy del servidor HTTP Apache 1.3.x hasta la versión 1.3.42, 2.0.x hasta la 2.0.64 y 2.2.x hasta la 2.2.21 no interac... • https://packetstorm.news/files/id/181059 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 97%CPEs: 16EXPL: 11CVE-2011-3192 – Apache - Denial of Service
https://notcve.org/view.php?id=CVE-2011-3192
29 Aug 2011 — The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086. El filtro byterange en el Servidor Apache HTTP v1.3.x, v2.0.x hasta v2.0.64, y v2.2.x hasta v2.2.19 permite a tacantes remotos provocar una denegación de servicio (consumo de memo... • https://packetstorm.news/files/id/180517 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 96%CPEs: 13EXPL: 3CVE-2011-0419 – Apache 1.4/2.2.x - APR 'apr_fnmatch()' Denial of Service
https://notcve.org/view.php?id=CVE-2011-0419
16 May 2011 — Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd. Vulnerabilidad de agotamie... • https://www.exploit-db.com/exploits/35738 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.5EPSS: 82%CPEs: 45EXPL: 0CVE-2010-1623 – apr-util: high memory consumption in apr_brigade_split_line()
https://notcve.org/view.php?id=CVE-2010-1623
04 Oct 2010 — Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket. Pérdida de memoria en la función apr_brigade_split_line en buckets/apr_brigade.c en la biblioteca Apache Portable Runtime Utility (ta... • http://blogs.sun.com/security/entry/cve_2010_1623_memory_leak • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 28%CPEs: 2EXPL: 0CVE-2010-1452 – mod_dav: DoS (httpd child process crash) by parsing URI structure with missing path segments
https://notcve.org/view.php?id=CVE-2010-1452
28 Jul 2010 — The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path. Los módulos (1) mod_cache y (2) mod_dav en el servidor Apache HTTP Server v2.2.x anteriores a v2.2.16 permiten a atacantes remotos provocar una denegación de servicio (caída del proceso) a través de una petición que carece de una ruta. • http://blogs.sun.com/security/entry/cve_2010_1452_mod_dav •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2010-0434 – httpd: request header information leak
https://notcve.org/view.php?id=CVE-2010-0434
05 Mar 2010 — The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request. La funcion ap_read_request en server/protocol.c en Apache HTTP Server v2.2.x en versiones anterior... • http://httpd.apache.org/security/vulnerabilities_22.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 97%CPEs: 59EXPL: 3CVE-2010-0425 – Apache 2.2.14 mod_isapi - Dangling Pointer Remote SYSTEM
https://notcve.org/view.php?id=CVE-2010-0425
05 Mar 2010 — modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and "orphaned callback pointers." El archivo modules/arch/win32/mod_isapi.c en la función mod_isapi en el servidor H... • https://packetstorm.news/files/id/180533 •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 1CVE-2003-1580
https://notcve.org/view.php?id=CVE-2003-1580
05 Feb 2010 — The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue. El servidor Apache HTTP v2.0.44, cuando la resolución DNS es activada para direcciones... • http://www.securityfocus.com/archive/1/313867 • CWE-189: Numeric Errors •
CVSS: 5.4EPSS: 2%CPEs: 1EXPL: 1CVE-2003-1581
https://notcve.org/view.php?id=CVE-2003-1581
05 Feb 2010 — The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inverse Lookup Log Corruption (ILLC)" issue. El servidor Apache HTTP v2.0.44, cuando la resolución DNS es activada para direcciónes IP de clientes, permite a atacantes remotos inyectar texto de su elección a través de peticiones HTTP en c... • http://www.securityfocus.com/archive/1/313867 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 4%CPEs: 4EXPL: 1CVE-2009-3560 – expat: buffer over-read and crash in big2_toUtf8() on XML with malformed UTF-8 sequences
https://notcve.org/view.php?id=CVE-2009-3560
04 Dec 2009 — The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with malformed UTF-8 sequences that trigger a buffer over-read, related to the doProlog function in lib/xmlparse.c, a different vulnerability than CVE-2009-2625 and CVE-2009-3720. La función big2_toUt8 en lib/xmltok.c en libexpat de Expat v2.0.1, como el usado en el módulo XML-Twig para Perl, perm... • http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmlparse.c?r1=1.164&r2=1.165 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •