CVSS: 10.0EPSS: 97%CPEs: 59EXPL: 3CVE-2010-0425 – Apache 2.2.14 mod_isapi - Dangling Pointer Remote SYSTEM
https://notcve.org/view.php?id=CVE-2010-0425
05 Mar 2010 — modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and "orphaned callback pointers." El archivo modules/arch/win32/mod_isapi.c en la función mod_isapi en el servidor H... • https://packetstorm.news/files/id/180533 •
CVSS: 7.5EPSS: 14%CPEs: 12EXPL: 0CVE-2010-0408 – httpd: mod_proxy_ajp remote temporary DoS
https://notcve.org/view.php?id=CVE-2010-0408
05 Mar 2010 — The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code. La función ap_proxy_ajp_request en mod_proxy_ajp.c en mod_proxy_ajp en the Apache HTTP Server v2.2.x en versiones anteriores a ... • http://httpd.apache.org/security/vulnerabilities_22.html •
CVSS: 6.5EPSS: 4%CPEs: 4EXPL: 1CVE-2009-3560 – expat: buffer over-read and crash in big2_toUtf8() on XML with malformed UTF-8 sequences
https://notcve.org/view.php?id=CVE-2009-3560
04 Dec 2009 — The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with malformed UTF-8 sequences that trigger a buffer over-read, related to the doProlog function in lib/xmlparse.c, a different vulnerability than CVE-2009-2625 and CVE-2009-3720. La función big2_toUt8 en lib/xmltok.c en libexpat de Expat v2.0.1, como el usado en el módulo XML-Twig para Perl, perm... • http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmlparse.c?r1=1.164&r2=1.165 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 3%CPEs: 21EXPL: 6CVE-2009-3555 – Mozilla NSS - NULL Character CA SSL Certificate Validation Security Bypass
https://notcve.org/view.php?id=CVE-2009-3555
09 Nov 2009 — The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other... • https://www.exploit-db.com/exploits/10071 • CWE-295: Improper Certificate Validation CWE-300: Channel Accessible by Non-Endpoint •
CVSS: 6.5EPSS: 5%CPEs: 5EXPL: 1CVE-2009-3720 – expat: buffer over-read and crash on XML with malformed UTF-8 sequences
https://notcve.org/view.php?id=CVE-2009-3720
03 Nov 2009 — The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with crafted UTF-8 sequences that trigger a buffer over-read, a different vulnerability than CVE-2009-2625. La función updatePosition en lib/xmltok_impl.c en libexpat en Expat v2.0.1, usado en Python, PyXML, w3c-libwww, ay otros programas, permite a atacantes dependientes ... • http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmltok_impl.c?r1=1.13&r2=1.15&view=patch •
CVSS: 7.5EPSS: 49%CPEs: 2EXPL: 0CVE-2009-2699
https://notcve.org/view.php?id=CVE-2009-2699
13 Oct 2009 — The Solaris pollset feature in the Event Port backend in poll/unix/port.c in the Apache Portable Runtime (APR) library before 1.3.9, as used in the Apache HTTP Server before 2.2.14 and other products, does not properly handle errors, which allows remote attackers to cause a denial of service (daemon hang) via unspecified HTTP requests, related to the prefork and event MPMs. La opción pollset de Solaris en el backend Event Port en poll/unix/port.c en la librería Apache Portable Runtime (APR) anterior v1.3.9,... • http://marc.info/?l=bugtraq&m=133355494609819&w=2 • CWE-667: Improper Locking •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2009-3094 – httpd: NULL pointer defer in mod_proxy_ftp caused by crafted EPSV and PASV reply
https://notcve.org/view.php?id=CVE-2009-3094
08 Sep 2009 — The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command. La función ap_proxy_ftp_handler en modules/proxy/proxy_ftp.c en el módulo mod_proxy_ftp en Apache HTTP Server v2.0.63 y v2.2.13, permite a servidores FTP remotos provocar una denegación de servicio (referencia a puntero NULL o ca... • http://intevydis.com/vd-list.shtml • CWE-476: NULL Pointer Dereference •
CVSS: 9.8EPSS: 3%CPEs: 15EXPL: 0CVE-2009-3095 – httpd: mod_proxy_ftp FTP command injection via Authorization HTTP header
https://notcve.org/view.php?id=CVE-2009-3095
08 Sep 2009 — The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11. El módulo mod_proxy_ftp en el sevidor HTTP Apache, permite a atacantes remotos evitar las restricciones de acceso establecidas y enviar comandos de su elección a un servidor FTP mediante vect... • http://intevydis.com/vd-list.shtml •
CVSS: 7.5EPSS: 15%CPEs: 15EXPL: 2CVE-2009-1891 – httpd: possible temporary DoS (CPU consumption) in mod_deflate
https://notcve.org/view.php?id=CVE-2009-1891
10 Jul 2009 — The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption). El módulo mod_deflate en Apache httpd v2.2.11 y anteriores comprime archivos de gran tamaño hasta finalizar incluso después de que la conexión de red asociada está cerrada, lo cual permite a atacantes remotos provocar una denegación de servicio (consumo de CPU). • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534712 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 35%CPEs: 14EXPL: 0CVE-2009-1890 – httpd: mod_proxy reverse proxy DoS (infinite loop)
https://notcve.org/view.php?id=CVE-2009-1890
05 Jul 2009 — The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests. La función stream_reqbody_cl de mod_proxy_http.c en el módulo mod_proxy del Servidor HTTP de Apache anterior a v2.3.3, cuando está configurado un proxy inverso, no maneja ... • http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html • CWE-400: Uncontrolled Resource Consumption CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •