Lucene search
K

11 matches found

CVE
CVE
added 2008/01/25 12:0 a.m.484 views

CVE-2008-0455

CVE-2008-0455 is an XSS vulnerability in the mod_negotiation module of Apache HTTP Server. A remote authenticated attacker can upload a file whose name contains XSS sequences and a file extension, causing arbitrary script/HTML to be injected into HTTP responses (notably for 406 Not Acceptable or ...

4.3CVSS5AI score0.6477EPSS
CVE
CVE
added 2008/08/06 6:0 p.m.387 views

CVE-2008-2939

CVE-2008-2939 is an XSS vulnerability in the Apache HTTP Server when using the mod_proxy_ftp module. The flaw arises from insufficient sanitization of user-supplied data in FTP URIs, specifically involving a wildcard in the last directory component of the pathname. A remote attacker could inject ...

4.3CVSS6.7AI score0.38953EPSS
CVE
CVE
added 2008/01/12 12:0 a.m.312 views

CVE-2007-6423

The CVE-2007-6423 issue concerns Apache HTTP Server 2.2.x on Windows, where mod_proxy_balancer could trigger memory corruption through a long URL. The Red Hat advisory notes the vulnerability as unspecified and unreproducible by the vendor, while Red Hat indicates that Apache 2.2.7-dev contains a...

7.8CVSS6.5AI score0.03901EPSS
CVE
CVE
added 2008/01/25 12:0 a.m.284 views

CVE-2008-0456

CVE-2008-0456 : CRLF injection in the mod_negotiation module of Apache HTTP Server (versions 2.2.x up to 2.2.6, 2.0.x up to 2.0.61, and 1.3.x up to 1.3.39) allows remote authenticated users to upload a file with a multi-line name containing HTTP header sequences, enabling injection into HTTP resp...

2.6CVSS7.2AI score0.19036EPSS
CVE
CVE
added 2008/06/13 6:0 p.m.273 views

CVE-2008-2364

The CVE-2008-2364 entry concerns the Apache HTTP Server mod_proxy, specifically the ap_proxy_http_process_response function in the mod_proxy_http.c file for Apache versions 2.0.63 and 2.2.8. The issue is that it does not cap the number of forwarded interim responses, which can lead to memory exha...

5CVSS7.2AI score0.12714EPSS
CVE
CVE
added 2008/01/08 6:0 p.m.254 views

CVE-2007-6388

CVE-2007-6388 is an XSS vulnerability in Apache HTTP Server mod_status when the server-status page is enabled. The initial description covers affected versions: Apache HTTP Server 2.2.0–2.2.6, 2.0.35–2.0.61, and 1.3.2–1.3.39, with arbitrary web script/HTML injection possible via unspecified vecto...

4.3CVSS8AI score0.75891EPSS
CVE
CVE
added 2008/01/12 12:0 a.m.227 views

CVE-2007-6420

The CVE-2007-6420 issue is a CSRF vulnerability in the balancer-manager interface of Apache HTTP Server 2.2.x (mod_proxy_balancer). The vulnerability could allow remote attackers to gain privileges via unspecified vectors affecting the balancer-management UI. Connected advisories indicate multipl...

4.3CVSS6.7AI score0.09114EPSS
CVE
CVE
added 2008/01/08 6:0 p.m.217 views

CVE-2007-6422

CVE-2007-6422 affects Apache HTTP Server 2.2.0–2.2.6 when using a threaded MPM. The vulnerability in the mod_proxy_balancer module allows remote authenticated users to cause a denial of service by triggering a crash of the Apache child process via an invalid bb variable. This is documented in mul...

4CVSS5.8AI score0.09951EPSS
CVE
CVE
added 2008/01/08 7:0 p.m.201 views

CVE-2007-6421

CVE-2007-6421 is an XSS vulnerability in Apache HTTP Server 2.2.0–2.2.6 within the balancer-manager component of mod_proxy_balancer. An attacker could inject arbitrary script/HTML via the (1) ss, (2) wr, or (3) rr parameters, or via the URL. Affected product: Apache httpd 2.2.x (balancer-manager)...

3.5CVSS7.8AI score0.08324EPSS
CVE
CVE
added 2008/05/13 9:0 p.m.175 views

CVE-2008-2168

CVE-2008-2168 : The linked SUSE/NVD entries describe a cross-site scripting (XSS) vulnerability in Apache HTTP Server up to version 2.2.6 and earlier, exploitable via UTF-7 encoded URLs that are mishandled when rendering the 403 Forbidden error page. Attacker-provided URL input can inject arbitra...

4.3CVSS5.4AI score0.54851EPSS
CVE
CVE
added 2008/01/12 12:0 a.m.152 views

CVE-2008-0005

CVE-2008-0005 affects Apache httpd mod_proxy_ftp: versions prior to 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev do not define a charset, enabling remote XSS via UTF-7 encoding. Remediation per connected advisories: upgrade to patched Apache httpd versions that backport fixes f...

4.3CVSS8.6AI score0.14611EPSS