Lucene search
K

11645 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 5:54 a.m.3 views

SUSE CVE-2011-0419

Stack consumption vulnerability in the fnmatch implementation in aprfnmatch.c in the Apache Portable Runtime APR library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows...

4.3CVSS6.5AI score0.30406EPSS
Exploits5References4
SUSE CVE
SUSE CVE
added 2023/02/15 5:53 a.m.2 views

SUSE CVE-2011-1928

The fnmatch implementation in aprfnmatch.c in the Apache Portable Runtime APR library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service infinite loop via a URI that does not match unspecified types of wildcard patterns, as demonstrated by...

4.3CVSS6.9AI score0.10322EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:51 a.m.10 views

SUSE CVE-2011-3192

The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service memory and CPU consumption via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different...

7.8CVSS8.8AI score0.98945EPSS
Exploits17References20
SUSE CVE
SUSE CVE
added 2023/02/15 5:51 a.m.6 views

SUSE CVE-2011-3348

The modproxyajp module in the Apache HTTP Server before 2.2.21, when used with modproxybalancer in certain configurations, allows remote attackers to cause a denial of service temporary "error state" in the backend server via a malformed HTTP request...

4.3CVSS6.8AI score0.2238EPSS
Exploits3References4
SUSE CVE
SUSE CVE
added 2023/02/15 5:49 a.m.9 views

SUSE CVE-2011-4415

The appregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the modsetenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service memory consumption or NULL...

1.2CVSS6.8AI score0.031EPSS
Exploits4References4
SUSE CVE
SUSE CVE
added 2023/02/15 5:49 a.m.4 views

SUSE CVE-2011-4940

The listdirectory function in Lib/SimpleHTTPServer.py in SimpleHTTPServer in Python before 2.5.6c1, 2.6.x before 2.6.7 rc2, and 2.7.x before 2.7.2 does not place a charset parameter in the Content-Type HTTP header, which makes it easier for remote attackers to conduct cross-site scripting XSS...

2.6CVSS7.2AI score0.03213EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2023/02/15 5:49 a.m.3 views

SUSE CVE-2012-0031

scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service daemon crash during shutdown or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free...

4.6CVSS9.1AI score0.02905EPSS
Exploits4References7
SUSE CVE
SUSE CVE
added 2023/02/15 5:46 a.m.3 views

SUSE CVE-2012-2687

Multiple cross-site scripting XSS vulnerabilities in the makevariantlist function in modnegotiation.c in the modnegotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted...

2.6CVSS7.7AI score0.22515EPSS
Exploits2References7
SUSE CVE
SUSE CVE
added 2023/02/15 5:45 a.m.6 views

SUSE CVE-2012-3502

The proxy functionality in 1 modproxyajp.c in the modproxyajp module and 2 modproxyhttp.c in the modproxyhttp module in the Apache HTTP Server 2.4.x before 2.4.3 does not properly determine the situations that require closing a back-end connection, which allows remote attackers to obtain sensitiv...

4.3CVSS8.8AI score0.09895EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:44 a.m.3 views

SUSE CVE-2012-4558

Multiple cross-site scripting XSS vulnerabilities in the balancerhandler function in the manager interface in modproxybalancer.c in the modproxybalancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML vi...

4.3CVSS5.9AI score0.22913EPSS
Exploits2References8
SUSE CVE
SUSE CVE
added 2023/02/15 5:44 a.m.3 views

SUSE CVE-2012-4557

The modproxyajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to cause a denial of service worker consumption via an expensive request...

5CVSS6.9AI score0.1747EPSS
Exploits1References6
SUSE CVE
SUSE CVE
added 2023/02/15 5:36 a.m.7 views

SUSE CVE-2013-4352

The cacheinvalidate function in modules/cache/cachestorage.c in the modcache module in the Apache HTTP Server 2.4.6, when a caching forward proxy is enabled, allows remote HTTP servers to cause a denial of service NULL pointer dereference and daemon crash via vectors that trigger a missing hostna...

4.3CVSS6.8AI score0.11534EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:34 a.m.2 views

SUSE CVE-2013-6438

The davxmlgetcdata function in main/util.c in the moddav module in the Apache HTTP Server before 2.4.8 does not properly remove whitespace characters from CDATA sections, which allows remote attackers to cause a denial of service daemon crash via a crafted DAV WRITE request...

5CVSS8.5AI score0.26831EPSS
Exploits2References10
SUSE CVE
SUSE CVE
added 2023/02/15 5:32 a.m.3 views

SUSE CVE-2014-0231

The modcgid module in the Apache HTTP Server before 2.4.10 does not have a timeout mechanism, which allows remote attackers to cause a denial of service process hang via a request to a CGI script that does not read from its stdin file descriptor...

5CVSS8.7AI score0.43809EPSS
Exploits1References8
SUSE CVE
SUSE CVE
added 2023/02/15 5:28 a.m.5 views

SUSE CVE-2014-3583

The handleheaders function in modproxyfcgi.c in the modproxyfcgi module in the Apache HTTP Server 2.4.10 allows remote FastCGI servers to cause a denial of service buffer over-read and daemon crash via long response headers...

5CVSS8.8AI score0.10783EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2023/02/15 5:23 a.m.3 views

SUSE CVE-2015-0228

The luawebsocketread function in luarequest.c in the modlua module in the Apache HTTP Server through 2.4.12 allows remote attackers to cause a denial of service child-process crash by sending a crafted WebSocket Ping frame after a Lua script has called the wsupgrade function...

5CVSS8.7AI score0.18812EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 5:9 a.m.9 views

SUSE CVE-2016-0736

In Apache HTTP Server versions 2.4.0 to 2.4.23, modsessioncrypto was encrypting its data/cookie using the configured ciphers with possibly either CBC or ECB modes of operation AES256-CBC by default, hence no selectable or builtin authenticated encryption. This made it vulnerable to padding oracle...

7.5CVSS6.9AI score0.49024EPSS
Exploits4References7
SUSE CVE
SUSE CVE
added 2023/02/15 5:6 a.m.3 views

SUSE CVE-2016-2161

In Apache HTTP Server versions 2.4.0 to 2.4.23, malicious input to modauthdigest can cause the server to crash, and each instance continues to crash even for subsequently valid requests...

7.5CVSS7AI score0.20952EPSS
Exploits0References8
SUSE CVE
SUSE CVE
added 2023/02/15 4:23 a.m.3 views

SUSE CVE-2018-17199

In Apache HTTP Server 2.4 release 2.4.37 and prior, modsession checks the session expiry time before decoding the session. This causes session expiry time to be ignored for modsessioncookie sessions since the expiry time is loaded when the session is decoded...

4.3CVSS7.8AI score0.19994EPSS
Exploits0References11
SUSE CVE
SUSE CVE
added 2023/02/15 4:19 a.m.2 views

SUSE CVE-2019-0215

In Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38, a bug in modssl when using per-location client certificate verification with TLSv1.3 allowed a client to bypass configured access control restrictions...

7.5CVSS8.8AI score0.10508EPSS
Exploits0References4
Rows per page
Query Builder