CVSS: 6.1EPSS: 4%CPEs: 2EXPL: 0CVE-2007-4465 – mod_autoindex XSS
https://notcve.org/view.php?id=CVE-2007-4465
14 Sep 2007 — Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en mod_autoindex.c en el servidor HTT... • http://bugs.gentoo.org/show_bug.cgi?id=186219 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 3%CPEs: 8EXPL: 0CVE-2007-3847 – httpd: out of bounds read
https://notcve.org/view.php?id=CVE-2007-3847
23 Aug 2007 — The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read. La fecha que maneja el código en modules/proxy/proxy_util.c (mod_proxy) en Apache 2.3.0, cuando se utiliza un MPM hilado, permite a servidores origen remotos provocar denegación de servicio (caida del proceso de proxy del cacheo de respuesta)a travé... • http://bugs.gentoo.org/show_bug.cgi?id=186219 • CWE-125: Out-of-bounds Read •
CVSS: 6.1EPSS: 28%CPEs: 17EXPL: 0CVE-2006-5752 – httpd mod_status XSS
https://notcve.org/view.php?id=CVE-2006-5752
27 Jun 2007 — Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified. Vulnerabilidad de secuencia de comandos en sitios cruzados (XSS) en mod_status.c en el módulo mod_status en Apache HTTP Server (httpd)... • http://bugs.gentoo.org/show_bug.cgi?id=186219 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 88%CPEs: 38EXPL: 0CVE-2007-1863 – httpd mod_cache segfault
https://notcve.org/view.php?id=CVE-2007-1863
27 Jun 2007 — cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value. cache_util.c en el módulo mod_cache module en Apache HTTP Server (httpd), cuando caching está habilitado y el módulo de hilos Multi-Processing Module (MPM) est... • http://bugs.gentoo.org/show_bug.cgi?id=186219 •
CVSS: 5.5EPSS: 1%CPEs: 10EXPL: 1CVE-2007-3304 – httpd scoreboard lack of PID protection
https://notcve.org/view.php?id=CVE-2007-3304
20 Jun 2007 — Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer." Apache httpd versiones 1.3.37, 2.0.59 y 2.2.4 con el módulo Prefork MPM, permite a los usuarios locales causar una denegación de servicio por la modificación de las matrices worker_score y process_score para hacer referencia ... • ftp://patches.sgi.com/support/free/security/advisories/20070701-01-P.asc •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2007-3303
https://notcve.org/view.php?id=CVE-2007-3303
20 Jun 2007 — Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows local users to cause a denial of service via certain code sequences executed in a worker process that (1) stop request processing by killing all worker processes and preventing creation of replacements or (2) hang the system by forcing the master process to fork an arbitrarily large number of worker processes. NOTE: This might be an inherent design limitation of Apache with respect to worker processes in hosted environments. Apache httpd 2.0... • http://osvdb.org/37050 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 84%CPEs: 44EXPL: 0CVE-2006-4154
https://notcve.org/view.php?id=CVE-2006-4154
16 Oct 2006 — Format string vulnerability in the mod_tcl module 1.0 for Apache 2.x allows context-dependent attackers to execute arbitrary code via format string specifiers that are not properly handled in a set_var function call in (1) tcl_cmds.c and (2) tcl_core.c. Vulnerabilidad de cadena de formato en el módulo mod_tcl 1.0 para Apache 2.x permite a atacantes locales o remotos (dependiendo del contexto) ejecutar código de su elección mediante especificadores de cadena de formato que no se manejan adecuadamente en una ... • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=421 •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 3CVE-2006-4110 – Apache 2.2.2 - CGI Script Source Code Information Disclosure
https://notcve.org/view.php?id=CVE-2006-4110
14 Aug 2006 — Apache 2.2.2, when running on Windows, allows remote attackers to read source code of CGI programs via a request that contains uppercase (or alternate case) characters that bypass the case-sensitive ScriptAlias directive, but allow access to the file on case-insensitive file systems. Apache 2.2.2, cuando se ejecuta en Windows, permite a atacantes remotos leer código fuente de programas CGI mediante una petición que contenga caracteres en mayúscula (o mayúsculas alternadas) que evitan la directiva ScripAlias... • https://www.exploit-db.com/exploits/28365 •
CVSS: 7.6EPSS: 93%CPEs: 7EXPL: 5CVE-2006-3747 – Apache < 1.3.37/2.0.59/2.2.3 mod_rewrite - Remote Overflow
https://notcve.org/view.php?id=CVE-2006-3747
28 Jul 2006 — Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules. Error de superación de límite (off-by-one) en el esquema ldap manejado en el modulo Rewrite (mod_rewrite) en Apache 1.3 desde 1.3.28, 2.0.... • https://www.exploit-db.com/exploits/2237 • CWE-189: Numeric Errors •
CVSS: 9.1EPSS: 2%CPEs: 40EXPL: 0CVE-2006-0435
https://notcve.org/view.php?id=CVE-2006-0435
26 Jan 2006 — Unspecified vulnerability in Oracle PL/SQL (PLSQL), as used in Database Server DS 9.2.0.7 and 10.1.0.5, Application Server 1.0.2.2, 9.0.4.2, 10.1.2.0.2, 10.1.2.1.0, and 10.1.3.0.0, E-Business Suite and Applications 11.5.10, and Collaboration Suite 10.1.1, 10.1.2.0, 10.1.2.1, and 9.0.4.2, allows attackers to bypass the PLSQLExclusion list and access excluded packages and procedures, aka Vuln# PLSQL01. • http://lists.grok.org.uk/pipermail/full-disclosure/2006-February/041898.html •