CVSS: 9.1EPSS: 0%CPEs: 9EXPL: 2CVE-2009-1195 – httpd: AllowOverride Options=IncludesNoExec allows Options Includes
https://notcve.org/view.php?id=CVE-2009-1195
28 May 2009 — The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file. El Servidor HTTP de Apache v2.2.11 y anteriores a versiones 2.2 no maneja adecuadamente Options=IncludesNOEXEC en la directiva AllowOverride, lo que permite a usuarios ... • http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html • CWE-16: Configuration •
CVSS: 7.5EPSS: 4%CPEs: 5EXPL: 0CVE-2009-1191 – httpd mod_proxy_ajp information disclosure
https://notcve.org/view.php?id=CVE-2009-1191
23 Apr 2009 — mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request. mod_proxy_ajp.c en el módulo mod_proxy_ajp en el servidor HTTP Apache v2.2.11 permite a atacantes remotos obtener datos de respuesta sensibles, lo que esta previsto para un cliente que envío una petición POST temprana sin cuerpo de petición, a través de una petición HTTP. • http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html •
CVSS: 9.8EPSS: 0%CPEs: 60EXPL: 0CVE-2008-2384 – mod_auth_mysql: character encoding SQL injection flaw
https://notcve.org/view.php?id=CVE-2008-2384
22 Jan 2009 — SQL injection vulnerability in mod_auth_mysql.c in the mod-auth-mysql (aka libapache2-mod-auth-mysql) module for the Apache HTTP Server 2.x, when configured to use a multibyte character set that allows a \ (backslash) as part of the character encoding, allows remote attackers to execute arbitrary SQL commands via unspecified inputs in a login request. Vulnerabilidad de inyección SQL en mod_auth_mysql.c en el módulo mod-auth-mysql (alias libapache2-mod-auth-mysql) para Apache HTTP Server 2.x, permite a ataca... • http://klecker.debian.org/~white/mod-auth-mysql/CVE-2008-2384_mod-auth-mysql.patch • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 10%CPEs: 9EXPL: 0CVE-2008-2939 – httpd: mod_proxy_ftp globbing XSS
https://notcve.org/view.php?id=CVE-2008-2939
06 Aug 2008 — Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI. Vulnerabilidad de XSS en proxy_ftp.c en el módulo mod_proxy_ftp en Apache 2.0.63 y en versiones anteriores y mod_proxy_ftp.c en el módulo mod_proxy_ftp en Apache 2.2.9... • http://lists.apple.com/archives/security-announce/2009/May/msg00002.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 22%CPEs: 18EXPL: 0CVE-2008-2364 – httpd: mod_proxy_http DoS via excessive interim responses from the origin server
https://notcve.org/view.php?id=CVE-2008-2364
13 Jun 2008 — The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses. La función ap_proxy_http_process_response en mod_proxy_http.c en el modulo mod_proxy en el Servidor HTTP Apache 2.0.63 y 2.2.8 no limita el número de respuestas de desvío provisionales, lo que permit... • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01539432 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.1EPSS: 11%CPEs: 49EXPL: 2CVE-2008-2168 – Microsoft Internet Explorer 2 - UTF-7 HTTP Response Handling
https://notcve.org/view.php?id=CVE-2008-2168
13 May 2008 — Cross-site scripting (XSS) vulnerability in Apache 2.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded URLs that are not properly handled when displaying the 403 Forbidden error page. La vulnerabilidad de tipo cross-site-scripting (XSS) en Apache versión 2.2.6 y anteriores, permite a los atacantes remotos inyectar scripts web o HTML arbitrarios por medio de direcciones URL codificadas UTF-7 que no se manejan apropiadamente cuando se muestra la página de error 4... • https://www.exploit-db.com/exploits/31759 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 67%CPEs: 9EXPL: 5CVE-2008-0455 – Apache 2.2.6 mod_negotiation - HTML Injection / HTTP Response Splitting
https://notcve.org/view.php?id=CVE-2008-0455
25 Jan 2008 — Cross-site scripting (XSS) vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary web script or HTML by uploading a file with a name containing XSS sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a req... • https://www.exploit-db.com/exploits/31052 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.4EPSS: 0%CPEs: 4EXPL: 1CVE-2008-0456 – httpd: mod_negotiation CRLF injection via untrusted file names in directories with MultiViews enabled
https://notcve.org/view.php?id=CVE-2008-0456
25 Jan 2008 — CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by uploading a file with a multi-line name containing HTTP header sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP re... • http://lists.apple.com/archives/security-announce/2009/May/msg00002.html • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 9.8EPSS: 1%CPEs: 6EXPL: 0CVE-2007-6423
https://notcve.org/view.php?id=CVE-2007-6423
12 Jan 2008 — Unspecified vulnerability in mod_proxy_balancer for Apache HTTP Server 2.2.x before 2.2.7-dev, when running on Windows, allows remote attackers to trigger memory corruption via a long URL. NOTE: the vendor could not reproduce this issue ** CUESTIONABLE ** Vulnerabilidad no especificada en mod_proxy_balancer para Apache HTTP Server 2.2.x, en versiones anteriores a la 2.2.7-dev, cuando se ejecuta en Windows, permite que atacantes remotos provoquen una corrupción de memoria usando una URL larga. NOTA: el vende... • http://securityreason.com/securityalert/3523 • CWE-399: Resource Management Errors •
CVSS: 8.8EPSS: 21%CPEs: 10EXPL: 0CVE-2007-6420 – mod_proxy_balancer: mod_proxy_balancer CSRF
https://notcve.org/view.php?id=CVE-2007-6420
12 Jan 2008 — Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors. Una vulnerabilidad de tipo cross-site request forgery (CSRF) en el controlador-balanceador en el componente mod_proxy_balancer en el servidor HTTP de Apache versión 2.2.x, permite a los atacantes remotos conseguir privilegios por medio de vectores no especificados. • http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html • CWE-352: Cross-Site Request Forgery (CSRF) •