
11629 matches found

RedhatCVE
added 2025/05/22 7:23 p.m., 5 views

CVE-2021-2480

Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware component: Web Listener. The supported version that is affected is 11.1.1.9.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. Successful...

CVSS 4.3 | AI score 5.4 | EPSS 0.00802
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 6:39 p.m., 7 views

CVE-2021-35666

Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware component: OSSL Module. The supported version that is affected is 11.1.1.9.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle HTTP Server. Successful...

CVSS 7.1 | AI score 6.2 | EPSS 0.01204
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 6:34 p.m., 5 views

CVE-2021-32812

Monkshu is an enterprise application server for mobile apps iOS and Android, responsive HTML 5 apps, and JSON API services. In version 2.90 and earlier, there is a reflected cross-site scripting vulnerability in frontend HTTP server. The attacker can send in a carefully crafted URL along with a...

CVSS 6.1 | AI score 5.9 | EPSS 0.00831
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 6:26 p.m., 8 views

CVE-2021-26528

The mghttpservefile function in Cesanta Mongoose HTTP server 7.0 is vulnerable to remote OOB write attack via connection request after exhausting memory pool...

CVSS 9.1 | AI score 6.9 | EPSS 0.0145
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 6:20 p.m., 4 views

CVE-2021-21966

An information disclosure vulnerability exists in the HTTP Server /ping.html functionality of Texas Instruments CC3200 SimpleLink Solution NWP 2.9.0.0. A specially-crafted HTTP request can lead to an uninitialized read. An attacker can send an HTTP request to trigger this vulnerability...

CVSS 5.3 | AI score 6.3 | EPSS 0.01363
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 6:15 p.m., 8 views

CVE-2021-20019

A vulnerability in SonicOS where the HTTP server response leaks partial memory by sending a crafted HTTP request, this can potentially lead to an internal sensitive data disclosure vulnerability...

CVSS 7.5 | AI score 6.4 | EPSS 0.01414
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 4:15 p.m., 8 views

CVE-2020-2545

Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware component: OSSL Module. Supported versions that are affected are 11.1.1.9.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle...

CVSS 5.3 | AI score 5.9 | EPSS 0.01489
Exploits: 0

RedhatCVE
added 2025/05/22 3:47 p.m., 6 views

CVE-2020-25073

FreedomBox through 20.13 allows remote attackers to obtain sensitive information from the /server-status page of the Apache HTTP Server, because a connection from the Tor onion service or from PageKite is considered a local connection. This affects both the freedombox and plinth packages of some...

CVSS 5.3 | AI score 6.3 | EPSS 0.0214
Exploits: 1

RedhatCVE
added 2025/05/22 3:47 p.m., 5 views

CVE-2020-14107

A stack overflow in the HTTP server of Cast can be exploited to make the app crash in LAN...

CVSS 7.5 | AI score 7.4 | EPSS 0.00956
Exploits: 0

RedhatCVE
added 2025/05/22 3:28 p.m., 4 views

CVE-2020-29596

MiniWeb HTTP server 0.8.19 allows remote attackers to cause a denial of service (daemon crash) via a long name for the first parameter in a POST request...

CVSS 7.5 | AI score 6.9 | EPSS 0.0266
Exploits: 1

RedhatCVE
added 2025/05/22 3:19 p.m., 6 views

CVE-2020-2216

A missing permission check in Jenkins Zephyr for JIRA Test Management Plugin 1.5 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified username and password...

CVSS 4.3 | AI score 6.6 | EPSS 0.00656
Exploits: 0

RedhatCVE
added 2025/05/22 3:19 p.m., 6 views

CVE-2020-2215

A cross-site request forgery vulnerability in Jenkins Zephyr for JIRA Test Management Plugin 1.5 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified username and password...

CVSS 4.3 | AI score 6.7 | EPSS 0.00679
Exploits: 0

RedhatCVE
added 2025/05/22 12:32 p.m., 8 views

CVE-2010-2327

modibmssl in IBM HTTP Server 6.0 before 6.0.2.43, 6.1 before 6.1.0.33, and 7.0 before 7.0.0.11, as used in IBM WebSphere Application Server WAS on z/OS, does not properly handle a large HTTP request body in uploading over SSL, which might allow remote attackers to cause a denial of service daemon...

CVSS 4.3 | AI score 6.7 | EPSS 0.01226
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 11:58 a.m., 6 views

CVE-2016-3987

The HTTP server in Trend Micro Password Manager allows remote web servers to execute arbitrary commands via the url parameter to (1) api/openUrlInDefaultBrowser or (2) api/showSB...

CVSS 10 | AI score 7.9 | EPSS 0.22304
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 10:39 a.m., 8 views

CVE-2017-8219

TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n allow DoSing the HTTP server via a crafted Cookie header to the /cgi/ansi URI...

CVSS 6.5 | AI score 7 | EPSS 0.01142
Exploits: 2 | References: 1

RedhatCVE
added 2025/05/22 9:12 a.m., 3 views

CVE-2018-20370

SZ NetChat before 7.9 has XSS in the MyName input field of the Options module. Attackers are able to inject commands to compromise the enabled HTTP server web frontend...

CVSS 5.4 | AI score 6.2 | EPSS 0.00515
Exploits: 2 | References: 1

RedhatCVE
added 2025/05/22 8:37 a.m., 7 views

CVE-2019-2751

Vulnerability in the Oracle HTTP Server component of Oracle Fusion Middleware subcomponent: OHS Config MBeans. Supported versions that are affected are 12.1.3.0.0 and 12.2.1.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle...

CVSS 5.9 | AI score 6 | EPSS 0.01422
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 8:34 a.m., 3 views

CVE-2019-17104

In Centreon VM through 19.04.3, the cookie configuration within the Apache HTTP Server does not protect against theft because the HTTPOnly flag is not set...

CVSS 7.5 | AI score 6.8 | EPSS 0.01944
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 8:25 a.m., 9 views

CVE-2019-19791

In LemonLDAP::NG aka lemonldap-ng before 2.0.7, the default Apache HTTP Server configuration does not properly restrict access to SOAP/REST endpoints when some LemonLDAP::NG setup options are used. For example, an attacker can insert index.fcgi/index.fcgi into a URL to bypass a Require directive...

CVSS 9.8 | AI score 9.3 | EPSS 0.00782
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 8:11 a.m., 10 views

CVE-2019-15782

WebTorrent before 0.107.6 allows XSS in the HTTP server via a title or file name...

CVSS 6.1 | AI score 6 | EPSS 0.01471
Exploits: 0 | References: 1