CVSS: 7.5EPSS: 30%CPEs: 10EXPL: 0CVE-2013-6438 – httpd: mod_dav denial of service via crafted DAV WRITE request
https://notcve.org/view.php?id=CVE-2013-6438
18 Mar 2014 — The dav_xml_get_cdata function in main/util.c in the mod_dav module in the Apache HTTP Server before 2.4.8 does not properly remove whitespace characters from CDATA sections, which allows remote attackers to cause a denial of service (daemon crash) via a crafted DAV WRITE request. La función dav_xml_get_cdata en main/util.c en el módulo mod_dav en el Apache HTTP Server anterior a 2.4.8 no elimina debidamente caracteres de espacio en blanco de secciones CDATA, lo que permite a atacantes remotos causar una de... • http://advisories.mageia.org/MGASA-2014-0135.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 48%CPEs: 14EXPL: 0CVE-2014-0098 – httpd: mod_log_config does not properly handle logging certain cookies resulting in DoS
https://notcve.org/view.php?id=CVE-2014-0098
18 Mar 2014 — The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server before 2.4.8 allows remote attackers to cause a denial of service (segmentation fault and daemon crash) via a crafted cookie that is not properly handled during truncation. La función log_cookie en mod_log_config.c en el módulo mod_log_config en el Apache HTTP Server anterior a 2.4.8 permite a atacantes remotos causar una denegación de servicio (fallo de segmentación y caída de demonio) a través de una cookie ... • http://advisories.mageia.org/MGASA-2014-0135.html • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 33%CPEs: 1EXPL: 1CVE-2013-2249 – Slackware Security Advisory - httpd Updates
https://notcve.org/view.php?id=CVE-2013-2249
23 Jul 2013 — mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors. mod_session_dbd.c en el módulo mod_session_dbd en Apache HTTP Server anterior a 2.4.5, continua con las operaciones de guardado para una sesión sin considerar la "dirty flag" y la solicitud para una nuevo ID de sesión, lo que tiene un impacto no es... • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 •
CVSS: 7.5EPSS: 30%CPEs: 23EXPL: 1CVE-2013-1896 – httpd: mod_dav DoS (httpd child process crash) via a URI MERGE request with source URI not handled by mod_dav
https://notcve.org/view.php?id=CVE-2013-1896
10 Jul 2013 — mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI. mod_dav.c en el Apache HTTP Server anterior a 2.2.25 no determina adecuadamente si DAV está activado para URI, lo que permite a atacantes remotos provocar una dene... • http://lists.opensuse.org/opensuse-updates/2013-08/msg00026.html •
CVSS: 9.8EPSS: 21%CPEs: 27EXPL: 0CVE-2013-1862 – httpd: mod_rewrite allows terminal escape sequences to be written to the log file
https://notcve.org/view.php?id=CVE-2013-1862
10 Jun 2013 — mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator. mod_rewrite.c en el modulo mod_rewrite en Apache HTTP Server v2.2.x anterior a v2.2.25 escribe datos en un archivo de log sin eliminar caracteres no imprimibles, lo que podría permitir a un atacante remotos ejecutar... • http://lists.opensuse.org/opensuse-updates/2013-08/msg00026.html •
CVSS: 6.1EPSS: 21%CPEs: 27EXPL: 0CVE-2012-3499 – httpd: multiple XSS flaws due to unescaped hostnames
https://notcve.org/view.php?id=CVE-2012-3499
26 Feb 2013 — Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en Apache HTTP Server v2.2.x antes de v2.2.24-dev y v2.4.x antes de v2.4.4 que permite ataque... • http://httpd.apache.org/security/vulnerabilities_22.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 58%CPEs: 27EXPL: 0CVE-2012-4558 – httpd: XSS flaw in mod_proxy_balancer manager interface
https://notcve.org/view.php?id=CVE-2012-4558
26 Feb 2013 — Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en la función balancer_handler en la interfaz de gestión mod_proxy_balancer.c en el módulo mod_pr... • http://httpd.apache.org/security/vulnerabilities_22.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 88%CPEs: 15EXPL: 0CVE-2007-5000 – httpd: mod_imagemap XSS
https://notcve.org/view.php?id=CVE-2007-5000
13 Dec 2007 — Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en los módulos (1) mod_imap en Apache HTTP Server 1.3.0 hasta 1.3.39 y 2.0.35 hasta 2.0.61, y (2) mod_imagemap en Apache HTTP Server 2.2.0 ... • http://docs.info.apple.com/article.html?artnum=307562 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.1EPSS: 5%CPEs: 40EXPL: 0CVE-2006-0435
https://notcve.org/view.php?id=CVE-2006-0435
26 Jan 2006 — Unspecified vulnerability in Oracle PL/SQL (PLSQL), as used in Database Server DS 9.2.0.7 and 10.1.0.5, Application Server 1.0.2.2, 9.0.4.2, 10.1.2.0.2, 10.1.2.1.0, and 10.1.3.0.0, E-Business Suite and Applications 11.5.10, and Collaboration Suite 10.1.1, 10.1.2.0, 10.1.2.1, and 9.0.4.2, allows attackers to bypass the PLSQLExclusion list and access excluded packages and procedures, aka Vuln# PLSQL01. • http://lists.grok.org.uk/pipermail/full-disclosure/2006-February/041898.html •