Lucene search
K

13 matches found

CVE
CVE
added 2009/11/09 5:0 p.m.1315 views

CVE-2009-3555

CVE-2009-3555 concerns a TLS/SSL renegotiation flaw where renegotiation handshakes were not properly associated with the existing connection, enabling MITM data insertion in HTTPS and other TLS/SSL sessions (Project Mogul). Connected advisories show concrete mitigations and affected software: Pou...

9.8CVSS6AI score0.87264EPSS
CVE
CVE
added 2009/07/10 3:0 p.m.911 views

CVE-2009-1891

CVE-2009-1891 affects the Apache HTTP Server mod_deflate in 2.2.x (notably 2.2.11 and earlier). The issue causes CPU consumption DoS by compressing large files even after the client connection closes. Public advisories across distributions confirm the flaw and its remediation via updated packages...

7.1CVSS7.3AI score0.17111EPSS
CVE
CVE
added 2009/07/05 4:0 p.m.728 views

CVE-2009-1890

CVE-2009-1890 affects Apache HTTP Server when used as a reverse proxy. The mod_proxy_http.c mechanism can fail to correctly bound a stream when Content-Length is exceeded, causing a denial-of-service via CPU exhaustion from crafted requests. The issue is specific to the reverse-proxy path in mod_...

7.1CVSS7.2AI score0.16159EPSS
CVE
CVE
added 2009/09/08 6:0 p.m.553 views

CVE-2009-3095

CVE-2009-3095 is a vulnerability in Apache httpd’s mod_proxy_ftp that allows remote authenticated attackers to bypass access restrictions and send arbitrary commands to an FTP server via crafted HTTP Authorization header vectors. The issue is part of a set of fixes for mod_proxy_ftp in the same a...

5CVSS9.4AI score0.1256EPSS
CVE
CVE
added 2009/05/28 8:14 p.m.387 views

CVE-2009-1195

CVE-2009-1195 affects the Apache HTTP Server 2.2.x line (2.2.11 and earlier). The issue arises from improper handling of the Options=IncludesNOEXEC in the AllowOverride directive, enabling local users to configure .htaccess files to enable script execution via (1) Options Includes, (2) Options +I...

4.9CVSS7.3AI score0.01955EPSS
CVE
CVE
added 2009/06/06 6:0 p.m.371 views

CVE-2009-1955

CVE-2009-1955 affects the Expact XML parser used by the apr_xml_* interface in xml/apr_xml.c of APR-util, with the vulnerability present in APR-util prior to 1.3.7. In Apache HTTP Server deployments that enable mod_dav and mod_dav_svn, a crafted XML document containing a large number of nested en...

7.5CVSS6.9AI score0.52988EPSS
CVE
CVE
added 2009/10/13 10:0 a.m.278 views

CVE-2009-2699

The vulnerability CVE-2009-2699 affects the Solaris pollset feature in the Event Port backend (poll/unix/port.c) of the Apache Portable Runtime (APR) library prior to 1.3.9, as used by Apache HTTP Server prior to 2.2.14 and other products. The issue arises from improper error handling in the Sola...

7.5CVSS7.3AI score0.14173EPSS
CVE
CVE
added 2009/11/03 4:0 p.m.244 views

CVE-2009-3720

CVE-2009-3720 affects Expat 2.0.1 (libexpat) and its use in Python, PyXML, w3c-libwww, etc. Root cause: in lib/xmltok_impl.c, updatePosition handles crafted UTF-8 sequences, causing a buffer over-read and potential application crash (DoS). Connected documents confirm exploits are not detailed bey...

5CVSS7AI score0.27924EPSS
CVE
CVE
added 2009/12/04 9:0 p.m.232 views

CVE-2009-3560

CVE-2009-3560 is an Expat 2.0.1 XML parsing vulnerability (big2_toUtf8 in libxmltok.c) that can cause a denial of service via malformed UTF-8 sequences in XML, triggering a buffer over-read in doProlog. Connected docs reference Expat/XML parsing context and list vulnerable products/versions; howe...

5CVSS7.5AI score0.24313EPSS
CVE
CVE
added 2009/09/08 6:0 p.m.200 views

CVE-2009-3094

The CVE-2009-3094 issue affects Apache HTTP Server’s mod_proxy_ftp (ap_proxy_ftp_handler in proxy modules) and is caused by insufficient input validation in responses to EPSV commands. This allowed remote FTP servers to trigger a NULL pointer dereference, crashing a child httpd process and causin...

2.6CVSS6.4AI score0.08566EPSS
CVE
CVE
added 2009/06/06 6:0 p.m.161 views

CVE-2009-1956

CVE-2009-1956: Off-by-one error in apr_brigade_vprintf in Apache APR-util before 1.3.5 on big-endian platforms. Remote attackers could obtain sensitive information or cause a denial of service (application crash) via crafted input. Affected product: APR-util (pre-1.3.5) used with APR/httpd; impac...

6.4CVSS7.4AI score0.12042EPSS
CVE
CVE
added 2009/06/06 6:0 p.m.148 views

CVE-2009-0023

CVE-2009-0023 affects Apache APR-util prior to 1.3.5. The vulnerability in apr_strmatch_precompile (strmatch/apr_strmatch.c) can be exploited by crafted input via that library’s usage contexts (e.g., .htaccess with Apache HTTP Server, SVNMasterURI in mod_dav_svn, mod_apreq2, or applications using...

4.3CVSS7.5AI score0.0853EPSS
CVE
CVE
added 2009/04/23 5:0 p.m.101 views

CVE-2009-1191

CVE-2009-1191 affects the Apache HTTP Server, specifically the mod_proxy_ajp component in 2.2.11. The issue allows a remote attacker to obtain sensitive response data intended for a client that sent an earlier POST request with no request body, via a crafted HTTP request. Connected advisories not...

5CVSS7.2AI score0.12383EPSS