CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

120 matches found

Kaspersky•added 2019/04/01 12:0 a.m.•55 views

KLA12365 Multiple vulnerabilities in Apache HTTP Server

Multiple vulnerabilities were found in Apache HTTP Server. Malicious users can exploit these vulnerabilities to cause denial of service, bypass security restrictions, obtain sensitive information, execute arbitrary code. Below is a complete list of vulnerabilities: 1. Denial of service...

7.8CVSS9.5AI score0.89568EPSS

Exploits8References3

FreeBSD•added 2019/04/01 12:0 a.m.•76 views

Apache -- Multiple vulnerabilities

The Apache httpd Project reports: Apache HTTP Server privilege escalation from modules' scripts CVE-2019-0211 important modauthdigest access control bypass CVE-2019-0217 important modssl access control bypass CVE-2019-0215 important modhttp2, possible crash on late upgrade CVE-2019-0197 low...

7.8CVSS1.4AI score0.89568EPSS

Exploits8References2

Apache Httpd•added 2019/01/20 12:0 a.m.•105 views

Apache Httpd < 2.4.39 : Apache httpd URL normalization inconsistincy

When the path component of a request URL contains multiple consecutive slashes '/', directives such as LocationMatch and RewriteRule must account for duplicates in regular expressions while other aspects of the servers processing will implicitly collapse them...

5.3CVSS2.1AI score0.23866EPSS

Exploits0Affected Software1

Friends Of PHP•added 2018/12/29 8:39 p.m.•16 views

XSS vulnerability with unsafe link protocols

An XSS vulnerability CVE-2018-20583 has been identified in the following versions of this library: 0.15.6 0.15.7 0.16.0 0.17.0 0.17.1 0.17.2 0.17.3 0.17.4 0.17.5 0.18.0 It allows unsafe URLs to be added to links. The issue has been fixed in version 0.18.1. All users should upgrade to version 0.18...

6.1CVSS6AI score0.0031EPSS

Exploits1Affected Software1

Tenable Nessus•added 2018/06/19 12:0 a.m.•955 views

Oracle GlassFish Server URL normalization Denial of Service

The instance of Oracle GlassFish Server running on the remote host is affected by an authenticated and unauthenticated denial of service vulnerability. The vulnerability is a result of an infinite loop in the normalize method in com.sun.jsftemplating.util.fileStreamer.ResourceContentSource. A...

5.6AI score

Exploits0References1

OSV•added 2018/05/17 3:29 a.m.•2 views

CVE-2018-0271

A vulnerability in the API gateway of the Cisco Digital Network Architecture DNA Center could allow an unauthenticated, remote attacker to bypass authentication and access critical services. The vulnerability is due to a failure to normalize URLs prior to servicing requests. An attacker could...

9.8CVSS5.8AI score0.03002EPSS

Exploits0References2

NVD•added 2018/05/17 3:29 a.m.•10 views

CVE-2018-0271

9.8CVSS9.8AI score0.03002EPSS

Exploits0References2

Prion•added 2018/05/17 3:29 a.m.•15 views

Authentication flaw

7.5CVSS9.6AI score0.03002EPSS

Exploits0References2Affected Software1

Vulnrichment•added 2018/05/17 3:0 a.m.•10 views

CVE-2018-0271

7.6AI score0.03002EPSS

Exploits0References2

Tenable Nessus•added 2017/08/09 12:0 a.m.•50 views

Oracle Linux 7 : tomcat (ELSA-2017-2247)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2017-2247 advisory. - Resolves: rhbz1459747 CVE-2017-5664 tomcat: Security constrained bypass in error page mechanism - Resolves: rhbz1441481 CVE-2017-5647 tomcat: Incorre...

9.1CVSS6.7AI score0.92712EPSS

Exploits19References6

Oracle linux•added 2016/11/09 12:0 a.m.•51 views

tomcat security, bug fix, and enhancement update

0:7.0.69-10 - Related: rhbz1368122 0:7.0.69-9 - Resolves: rhbz1362213 Tomcat: CGI sets environmental variable based on user supplied Proxy request header - Resolves: rhbz1368122 0:7.0.69-7 - Resolves: rhbz1362545 0:7.0.69-6 - Related: rhbz1201409 Added /etc/sysconfig/tomcat to the systemd unit fo...

8.8CVSS0.6AI score0.4988EPSS

Exploits0