CVSS: 6.1EPSS: 28%CPEs: 3EXPL: 0CVE-2007-6388 – apache mod_status cross-site scripting
https://notcve.org/view.php?id=CVE-2007-6388
08 Jan 2008 — Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS), en mod_status, dentro de Apache HTTP Server, en versiones 2.2.0 hasta 2.2.6, 2.0.35 hasta 2.0.61, y 1.3.2 hasta 1.3.39, cuando la página server-status está activada, ... • http://docs.info.apple.com/article.html?artnum=307562 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 39%CPEs: 15EXPL: 0CVE-2007-5000 – httpd: mod_imagemap XSS
https://notcve.org/view.php?id=CVE-2007-5000
13 Dec 2007 — Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en los módulos (1) mod_imap en Apache HTTP Server 1.3.0 hasta 1.3.39 y 2.0.35 hasta 2.0.61, y (2) mod_imagemap en Apache HTTP Server 2.2.0 ... • http://docs.info.apple.com/article.html?artnum=307562 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 95%CPEs: 25EXPL: 3CVE-2007-6203 – Apache 2.2.4 - 413 Error HTTP Request Method Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2007-6203
03 Dec 2007 — Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918. Apache HTTP Server 2.0.x y 2.2.x no sanea la cabecera de especificador de HTTP Met... • https://www.exploit-db.com/exploits/30835 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 4%CPEs: 2EXPL: 0CVE-2007-4465 – mod_autoindex XSS
https://notcve.org/view.php?id=CVE-2007-4465
14 Sep 2007 — Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en mod_autoindex.c en el servidor HTT... • http://bugs.gentoo.org/show_bug.cgi?id=186219 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 3%CPEs: 8EXPL: 0CVE-2007-3847 – httpd: out of bounds read
https://notcve.org/view.php?id=CVE-2007-3847
23 Aug 2007 — The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read. La fecha que maneja el código en modules/proxy/proxy_util.c (mod_proxy) en Apache 2.3.0, cuando se utiliza un MPM hilado, permite a servidores origen remotos provocar denegación de servicio (caida del proceso de proxy del cacheo de respuesta)a travé... • http://bugs.gentoo.org/show_bug.cgi?id=186219 • CWE-125: Out-of-bounds Read •
CVSS: 6.1EPSS: 28%CPEs: 17EXPL: 0CVE-2006-5752 – httpd mod_status XSS
https://notcve.org/view.php?id=CVE-2006-5752
27 Jun 2007 — Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified. Vulnerabilidad de secuencia de comandos en sitios cruzados (XSS) en mod_status.c en el módulo mod_status en Apache HTTP Server (httpd)... • http://bugs.gentoo.org/show_bug.cgi?id=186219 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 88%CPEs: 38EXPL: 0CVE-2007-1863 – httpd mod_cache segfault
https://notcve.org/view.php?id=CVE-2007-1863
27 Jun 2007 — cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value. cache_util.c en el módulo mod_cache module en Apache HTTP Server (httpd), cuando caching está habilitado y el módulo de hilos Multi-Processing Module (MPM) est... • http://bugs.gentoo.org/show_bug.cgi?id=186219 •
CVSS: 5.5EPSS: 1%CPEs: 10EXPL: 1CVE-2007-3304 – httpd scoreboard lack of PID protection
https://notcve.org/view.php?id=CVE-2007-3304
20 Jun 2007 — Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer." Apache httpd versiones 1.3.37, 2.0.59 y 2.2.4 con el módulo Prefork MPM, permite a los usuarios locales causar una denegación de servicio por la modificación de las matrices worker_score y process_score para hacer referencia ... • ftp://patches.sgi.com/support/free/security/advisories/20070701-01-P.asc •
CVSS: 9.8EPSS: 84%CPEs: 44EXPL: 0CVE-2006-4154
https://notcve.org/view.php?id=CVE-2006-4154
16 Oct 2006 — Format string vulnerability in the mod_tcl module 1.0 for Apache 2.x allows context-dependent attackers to execute arbitrary code via format string specifiers that are not properly handled in a set_var function call in (1) tcl_cmds.c and (2) tcl_core.c. Vulnerabilidad de cadena de formato en el módulo mod_tcl 1.0 para Apache 2.x permite a atacantes locales o remotos (dependiendo del contexto) ejecutar código de su elección mediante especificadores de cadena de formato que no se manejan adecuadamente en una ... • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=421 •
CVSS: 7.6EPSS: 93%CPEs: 7EXPL: 5CVE-2006-3747 – Apache < 1.3.37/2.0.59/2.2.3 mod_rewrite - Remote Overflow
https://notcve.org/view.php?id=CVE-2006-3747
28 Jul 2006 — Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules. Error de superación de límite (off-by-one) en el esquema ldap manejado en el modulo Rewrite (mod_rewrite) en Apache 1.3 desde 1.3.28, 2.0.... • https://www.exploit-db.com/exploits/2237 • CWE-189: Numeric Errors •