VIR Vulnerability Intelligence Relay

Search

Found 444 results in 217ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2012-3544 medium 5.0 sles apache 13y ago Apache Tomcat Vulnerable to Denial of Service (DoS) via Improper Handling of chunk extensions
CVE-2013-0942 medium 4.3 emcmicrosoftapache 13y ago Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Agent 7.1 before 7.1.1 for Web for Internet Information Services, and 7.1 before 7.1.1 for Web for Apache, allows remote attackers t…
CVE-2013-1884 medium 6.0 EXPFIX debian debian apache 13y ago The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (segmentation fault and crash) via a log REPORT request with an inval…
CVE-2013-1849 medium 4.3 FIX debian debian apache 13y ago The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a P…
CVE-2013-1847 medium 6.0 EXPFIX debian debian apache 13y ago The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an …
CVE-2013-1846 medium 4.0 FIX suse susedebian debian apache 13y ago The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash…
CVE-2013-3060 medium 6.4 FIX debian debian apache 13y ago Improper Authentication in Apache ActiveMQ
CVE-2012-6551 medium 5.0 FIX debian debian apache 13y ago Apache ActiveMQ default configuration subject to denial of service
CVE-2012-6092 medium 4.3 FIX debian debian apache 13y ago Cross-site Scripting in Apache ActiveMQ
CVE-2013-0253 medium 5.8 apache 13y ago The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.
CVE-2012-4460 medium 5.0 apache 13y ago The serializing/deserializing functions in the qpid::framing::Buffer class in Apache Qpid 0.20 and earlier allow remote attackers to cause a denial of service (assertion failure and daemon exit) via …
CVE-2012-4459 medium 5.0 apache 13y ago Integer overflow in the qpid::framing::Buffer::checkAvailable function in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (crash) via a crafted message, which trigge…
CVE-2012-4458 medium 5.0 apache 13y ago The AMQP type decoder in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (memory consumption and server crash) via a large number of zero width elements in the clien…
CVE-2012-4446 medium 6.8 apache 13y ago Improper Authentication in Apache Qpid
CVE-2013-1814 medium 5.0 EXP apache 13y ago Apache Rave information disclosure vulnerability
CVE-2013-0239 medium 5.0 apache 13y ago Improper Authentication in Apache CXF
CVE-2012-5633 medium 5.8 apache 13y ago Improper Authentication in Apache CXF
CVE-2012-4558 medium 4.3 FIX debian debian apache 14y ago Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x …
CVE-2012-3499 medium 4.3 FIX debian debian apache 14y ago Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors …
CVE-2012-2378 medium 4.3 apache 14y ago Improper Authentication in Apache CXF
CVE-2012-4431 medium 4.3 apache 14y ago Cross-Site Request Forgery in Apache Tomcat
CVE-2012-3546 medium 4.3 apache 14y ago Authentication Bypass in Apache Tomcat
CVE-2012-5568 medium 5.0 suse suse apache 14y ago Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.
CVE-2012-4557 medium 5.0 FIX debian debian apache 14y ago The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to ca…
CVE-2012-5886 medium 5.0 apache 14y ago Improper Authentication in Apache Tomcat
CVE-2012-5885 medium 5.0 apache 14y ago Improper Access Control in Apache Tomcat
CVE-2012-2733 medium 5.0 apache 14y ago java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which …
CVE-2012-5786 medium 5.8 apache 14y ago The wsdl_first_https sample code in distribution/src/main/release/samples/wsdl_first_https/src/main/ in Apache CXF before 2.7.0 does not verify that the server hostname matches a domain name in the s…
CVE-2012-5785 medium 5.8 apache 14y ago Apache Axis2 has Improper Input Validation
CVE-2012-5784 medium 5.8 FIX slesdebian debian apachepaypal 14y ago Man-in-the-middle attack in Apache Axis
CVE-2012-5783 medium 5.8 FIX slesdebian debianubuntu ubuntu apache 14y ago Improper Certificate Validation in Apache Commons HttpClient
CVE-2012-3446 medium 5.9 5.9 FIX debian debian apache 14y ago Apache Libcloud before 0.11.1 uses an incorrect regular expression during verification of whether the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field o…
CVE-2012-5351 medium 6.4 apache 14y ago Improper Authentication in Apache Axis2
CVE-2012-4418 medium 5.8 apache 14y ago Apache Axis2 Vulnerable to XML Signature wrapping attack
CVE-2012-2145 medium 5.0 apache 14y ago Apache Qpid 0.17 and earlier does not properly restrict incoming client connections, which allows remote attackers to cause a denial of service (file descriptor consumption) via a large number of inc…
CVE-2012-3451 medium 4.3 apache 14y ago Remote web-service operation execution in Apache CXF
CVE-2012-3373 medium 4.3 apache 14y ago Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.21 and 1.5.x before 1.5.8 allows remote attackers to inject arbitrary web script or HTML via vectors involving a %00 sequenc…
CVE-2012-4360 medium 4.3 googleapache 14y ago Cross-site scripting (XSS) vulnerability in the mod_pagespeed module 0.10.19.1 through 0.10.22.4 for the Apache HTTP Server allows remote attackers to inject arbitrary web script or HTML via unspecif…
CVE-2012-4001 medium 5.0 googleapache 14y ago The mod_pagespeed module before 0.10.22.6 for the Apache HTTP Server does not properly verify its host name, which allows remote attackers to trigger HTTP requests to arbitrary hosts via unspecified …
CVE-2012-4387 medium 5.0 apache 14y ago Denial of service in Apache Struts
CVE-2012-4386 medium 6.8 apache 14y ago Cross-Site Request Forgery in Apache Struts
CVE-2012-3526 medium 5.0 FIX debian debian thomas_eibnerapache 14y ago The reverse proxy add forward module (mod_rpaf) 0.5 and 0.6 for the Apache HTTP Server allows remote attackers to cause a denial of service (server or application crash) via multiple X-Forwarded-For …
CVE-2012-3467 medium 5.0 apache 14y ago Apache QPID Allows Remote Authentication Bypass
CVE-2012-3502 medium 4.3 FIX debian debian apache 14y ago The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp module and (2) mod_proxy_http.c in the mod_proxy_http module in the Apache HTTP Server 2.4.x before 2.4.3 does not properly determi…
CVE-2012-0213 medium 5.0 apache 14y ago Denial of Service in Apache POI
CVE-2012-2138 medium 6.0 EXP apache 14y ago Apache Sling POST Servlets Denial of Service Vulnerability
CVE-2012-2098 medium 5.0 FIX debian debian apache 14y ago Uncontrolled Resource Consumption in Apache Commons Compress
CVE-2012-2380 medium 6.8 apache 14y ago Multiple cross-site request forgery (CSRF) vulnerabilities in the admin/editor console in Apache Roller before 5.0.1 allow remote attackers to hijack the authentication of admins or editors by levera…
CVE-2012-2334 medium 6.8 FIX debian debian apachelibreoffice 14y ago Integer overflow in filter/source/msfilter/msdffimp.cxx in OpenOffice.org (OOo) 3.3, 3.4 Beta, and possibly earlier, and LibreOffice before 3.5.3, allows remote attackers to cause a denial of service…
CVE-2012-0037 medium 6.5 6.5 rhelfedora fedoradebian debian librdflibreofficeapache 14y ago Redland Raptor (aka libraptor) before 2.0.7, as used by OpenOffice 3.3 and 3.4 Beta, LibreOffice before 3.4.6 and 3.5.x before 3.5.1, and other products, allows user-assisted remote attackers to read…
CVE-2012-0883 medium 6.9 FIX debian debiansuse suse apache 14y ago envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the …
CVE-2012-1574 medium 6.5 apachecloudera 14y ago Apache Hadoop allows impersonation of arbitrary cluster user accounts
CVE-2012-0256 medium 5.0 FIX debian debian apache 14y ago Apache Traffic Server 2.0.x and 3.0.x before 3.0.4 and 3.1.x before 3.1.3 does not properly allocate heap memory, which allows remote attackers to cause a denial of service (daemon crash) via a long …
CVE-2012-1089 medium 5.0 apache 14y ago Directory traversal vulnerability in Apache Wicket 1.4.x before 1.4.20 and 1.5.x before 1.5.5 allows remote attackers to read arbitrary web-application files via a relative pathname in a URL for a Wi…
CVE-2012-0047 medium 4.3 apache 14y ago Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the wicket:pageMapName parameter.
CVE-2012-1181 medium 5.0 FIX debian debian apache 14y ago fcgid_spawn_ctl.c in the mod_fcgid module 2.3.6 for the Apache HTTP Server does not recognize the FcgidMaxProcessesPerClass directive for a virtual host, which makes it easier for remote attackers to…
CVE-2012-0840 medium 6.0 EXPFIX debian debian apache 15y ago tables/apr_hash.c in the Apache Portable Runtime (APR) library through 1.4.5 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependen…
CVE-2012-1007 medium 5.3 EXP apache 15y ago Withdrawn Advisory: Apache Struts XSS
CVE-2012-1006 medium 5.3 EXP apache 15y ago Apache Struts Multiple Cross-site Scripting Vulnerabilities
CVE-2012-0053 medium 5.3 EXPFIX debian debiansuse suse rhel apacheredhat 15y ago protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to …
CVE-2012-0022 medium 5.0 apache 15y ago Denial of Service in Apache Tomcat
CVE-2011-3375 medium 5.0 apache 15y ago Apache Tomcat Exposes IP Addresses and HTTP Headers of Requests
CVE-2012-0031 medium 5.6 EXPFIX debian debiansuse suse rhel apacheredhat 15y ago scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a …
CVE-2011-5064 medium 4.3 apache 15y ago Use of Hard-coded Cryptographic Key in Apache Tomcat
CVE-2011-5063 medium 4.3 apache 15y ago Improper Authentication in Apache Tomcat
CVE-2011-5062 medium 5.0 apache 15y ago Improper Authentication in Apache Tomcat
CVE-2011-1184 medium 5.0 apache 15y ago Authentication Bypass in Apache Tomcat
CVE-2011-5057 medium 6.0 EXP apache 15y ago Apache Struts 2.3.1.2 and earlier, 2.3.19-2.3.23, provides interfaces that do not properly restrict access to collections such as the session and request collections, which might allow remote attacke…
CVE-2012-0394 medium 7.8 EXP apache 15y ago Apache Struts's DebuggingInterceptor component allows remote code execution in developer mode
CVE-2012-0393 medium 7.4 EXP apache 15y ago Apache Struts's ParameterInterceptor component does not prevent access to public constructors
CVE-2012-0392 medium 7.8 EXP apache 15y ago Apache Struts's CookieInterceptor component does not use the parameter-name whitelist
CVE-2011-4858 medium 6.0 EXP apache 15y ago Improper Input Validation in Apache Tomcat
CVE-2011-4905 medium 5.0 FIX debian debian apache 15y ago Denial of Service in Apache ActiveMQ
CVE-2007-6750 medium 6.0 EXPFIX debian debian apache 15y ago The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtime…
CVE-2011-4317 medium 5.3 EXPFIX debian debian apache 15y ago The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use o…
CVE-2011-3639 medium 5.3 EXPFIX debian debian apache 15y ago The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2…
CVE-2011-3376 medium 4.4 apache 15y ago org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privi…
CVE-2011-3607 medium 5.4 EXPFIX debian debian apache 15y ago Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to ga…
CVE-2011-3368 medium 6.0 EXPFIX debian debian apache 15y ago The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch patte…
CVE-2011-3348 medium 4.3 FIX debian debian rhel apacheredhat 15y ago The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error s…
CVE-2010-4340 medium 4.3 FIX debian debian apache 15y ago libcloud before 0.4.1 does not verify SSL certificates for HTTPS connections, which allows remote attackers to spoof certificates and bypass intended access restrictions via a man-in-the-middle (MITM…
CVE-2011-2729 medium 5.0 FIX debian debian linux-kernel apache 15y ago native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on…
CVE-2011-2481 medium 4.6 apache 15y ago Apache Tomcat Allows Replacing of XML Parser
CVE-2011-2526 medium 4.4 apache 15y ago Improper Input Validation in Apache Tomcat
CVE-2011-2516 medium 5.0 FIX debian debian apacheshibboleth 15y ago Off-by-one error in the XML signature feature in Apache XML Security for C++ 1.6.0, as used in Shibboleth before 2.4.3 and possibly other products, allows remote attackers to cause a denial of servic…
CVE-2011-1498 medium 4.3 FIX debian debian apache 15y ago Exposure of Sensitive Information to an Unauthorized Actor in Apache HttpClient
CVE-2011-1921 medium 4.3 FIX debian debian apache 15y ago The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce…
CVE-2011-1783 medium 4.3 FIX macos macosdebian debianubuntu ubuntu apache 15y ago The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to…
CVE-2011-1752 medium 5.0 FIX macos macosdebian debianubuntu ubuntu apache 15y ago The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) …
CVE-2011-2329 medium 6.5 apache 15y ago The rampart_timestamp_token_validate function in util/rampart_timestamp_token.c in Apache Rampart/C 1.3.0 does not properly calculate the expiration of timestamp tokens, which allows remote attackers…
CVE-2011-1077 medium 4.3 apache 15y ago Multiple cross-site scripting (XSS) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2011-1026 medium 6.8 apache 15y ago Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to hijack the authentication of administrators.
CVE-2011-1928 medium 4.3 FIX debian debian apache 15y ago The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infi…
CVE-2011-1582 medium 4.3 apache 15y ago Access restriction bypass in Apache Tomcat
CVE-2011-0419 medium 5.3 EXPFIX debian debianmacos macosfreebsd freebsd apache 15y ago Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in …
CVE-2011-2088 medium 5.0 apacheopensymphony 15y ago XWork in Apache Struts Reveals Sensitive Information
CVE-2011-2087 medium 4.3 apache 15y ago Apache Struts Multiple XSS Vulnerabilities
CVE-2011-1475 medium 5.0 apache 15y ago Apache Tomcat HTTP BIO Connector Error Discloses Information From Different Requests to Remote Users
CVE-2011-1183 medium 5.8 apache 15y ago Access controll bypass in Apache Tomcat
CVE-2011-1176 medium 4.3 FIX debian debian mpm-itk_projectapache 15y ago The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration section…