CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-32342 – IBM GSKit information disclosure
https://notcve.org/view.php?id=CVE-2023-32342
30 May 2023 — IBM GSKit could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption implementation. By sending an overly large number of trial messages for decryption, an attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 255828. • https://exchange.xforce.ibmcloud.com/vulnerabilities/255828 • CWE-203: Observable Discrepancy •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2023-26281 – IBM HTTP Server denial of service
https://notcve.org/view.php?id=CVE-2023-26281
28 Feb 2023 — IBM HTTP Server 8.5 used by IBM WebSphere Application Server could allow a remote user to cause a denial of service using a specially crafted URL. IBM X-Force ID: 248296. • https://exchange.xforce.ibmcloud.com/vulnerabilities/248296 • CWE-20: Improper Input Validation •
CVSS: 9.0EPSS: 2%CPEs: 4EXPL: 0CVE-2015-4947
https://notcve.org/view.php?id=CVE-2015-4947
15 Sep 2015 — Stack-based buffer overflow in the Administration Server in IBM HTTP Server 6.1.0.x through 6.1.0.47, 7.0.0.x before 7.0.0.39, 8.0.0.x before 8.0.0.12, and 8.5.x before 8.5.5.7, as used in WebSphere Application Server and other products, allows remote authenticated users to execute arbitrary code via unspecified vectors. Desbordamiento del buffer basado en pila en el Administration Server en IBM HTTP Server 6.1.0.x hasta la versión 6.1.0.47, 7.0.0.x en versiones anteriores a 7.0.0.39, 8.0.0.x en versiones a... • http://www-01.ibm.com/support/docview.wss?uid=swg1PI44793 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 48%CPEs: 160EXPL: 0CVE-2015-2808 – SSL/TLS: "Invariance Weakness" vulnerability in RC4 stream cipher
https://notcve.org/view.php?id=CVE-2015-2808
01 Apr 2015 — The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the "Bar Mitzvah" issue. El algoritmo RC4, utilizado en el protocolo TLS y el prot... • http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04779034 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 10.0EPSS: 4%CPEs: 2EXPL: 0CVE-2012-5955
https://notcve.org/view.php?id=CVE-2012-5955
20 Dec 2012 — Unspecified vulnerability in the IBM HTTP Server component 5.3 in IBM WebSphere Application Server (WAS) for z/OS allows remote attackers to execute arbitrary commands via unknown vectors. Vulnerabilidad no especificada en el componente de IBM HTTP Server v5.3 en IBM WebSphere Application Server (WAS) para z/OS permite a atacantes remotos ejecutar código arbitrario a través de vectores desconocidos. • http://www-01.ibm.com/support/docview.wss?&uid=swg21620945 •
CVSS: 6.1EPSS: 0%CPEs: 20EXPL: 0CVE-2011-1360
https://notcve.org/view.php?id=CVE-2011-1360
28 Oct 2011 — Multiple cross-site scripting (XSS) vulnerabilities in IBM HTTP Server 2.0.47 and earlier, as used in WebSphere Application Server and other products, allow remote attackers to inject arbitrary web script or HTML via vectors involving unspecified documentation files in (1) manual/ibm/ and (2) htdocs/*/manual/ibm/. vulnerabilidad múltiple en cross-site scripting (XSS) en IBM HTTP Server v2.0.47 y anteriores, se utiliza en WebSphere Application Server y otros productos, permite a atacantes remotos inyectar se... • http://www-01.ibm.com/support/docview.wss?uid=swg21502580 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 8%CPEs: 12EXPL: 0CVE-2010-2068 – (mod_proxy): Sensitive response disclosure due improper handling of timeouts
https://notcve.org/view.php?id=CVE-2010-2068
18 Jun 2010 — mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. mod_proxy_http.c en mod_proxy_http en el servidor Apache HTTP v2.2.9 hasta v2.2.15, v2.3.4-alpha, y 2.3.5-alpha en ... • http://httpd.apache.org/security/vulnerabilities_22.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 3%CPEs: 21EXPL: 0CVE-2004-2478
https://notcve.org/view.php?id=CVE-2004-2478
31 Dec 2004 — Unspecified vulnerability in Jetty HTTP Server, as used in (1) IBM Trading Partner Interchange before 4.2.4, (2) CA Unicenter Web Services Distributed Management (WSDM) before 3.11, and possibly other products, allows remote attackers to read arbitrary files via a .. (dot dot) in the URL. • http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/049846.html •
CVSS: 7.5EPSS: 1%CPEs: 50EXPL: 0CVE-2004-0263
https://notcve.org/view.php?id=CVE-2004-0263
01 Sep 2004 — PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global variables between virtual hosts that are handled by the same Apache child process but have different settings, which could allow remote attackers to obtain sensitive information. PHP 4.3.4 y anteriores en Apache 1.x y 2.x (mod_php) pude filtrar variables globales entre servidores virtuales con diferente configuración que son manejadas por el mismo proceso hijo de Apache, lo que podría permitir a atacantes remotos obtener información sensi... • http://security.gentoo.org/glsa/glsa-200402-01.xml •
CVSS: 7.5EPSS: 91%CPEs: 16EXPL: 3CVE-2004-0493 – Apache - Arbitrary Long HTTP Headers Denial of Service
https://notcve.org/view.php?id=CVE-2004-0493
30 Jun 2004 — The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters. La función ap_get_mime_headers_core de Apache httpd 2.0.49 permite a atacantes remotos causar una denegación de servicio (consumición de memoria) y posiblemente un error de entero sin signo que conduce a un d... • https://www.exploit-db.com/exploits/371 •