Lucene search
K

7 matches found

CVE
CVE
added 2012/04/18 10:0 a.m.1306 views

CVE-2012-0883

CVE-2012-0883 affects the Apache HTTP Server up to version 2.4.2, where the envvars (envvars-std) feature places a zero-length directory name in LD_LIBRARY_PATH. This enables local users to gain privileges by exploiting a Trojan horse DSO in the current working directory during execution of apach...

6.9CVSS6.1AI score0.00946EPSS
CVE
CVE
added 2012/08/22 7:0 p.m.1279 views

CVE-2012-2687

Apache HTTP Server 2.4.x before 2.4.3 is affected by CVE-2012-2687 due to XSS in the mod_negotiation make_variant_list function (mod_negotiation.c) when MultiViews is enabled. The vulnerability arises from improper handling of crafted filenames during variant list construction, allowing remote at...

2.6CVSS5.5AI score0.22515EPSS
CVE
CVE
added 2012/01/28 2:0 a.m.1198 views

CVE-2012-0053

CVE-2012-0053 affects Apache HTTP Server 2.2.x up to 2.2.21. The flaw in protocol.c during 400 error page construction can reveal HTTPOnly cookie values via long/malformed headers with crafted scripts. Remediation per advisories: upgrade to 2.2.22 or later (e.g., httpd 2.2.22).

4.3CVSS6.2AI score0.82756EPSS
CVE
CVE
added 2012/01/18 8:0 p.m.829 views

CVE-2012-0031

CVE-2012-0031 affects Apache HTTP Server 2.2.21 and earlier, specifically scoreboard.c. The vulnerability allows local users to cause a denial of service (daemon crash during shutdown) or potentially other unspecified impact by modifying a type field in a shared scoreboard Memory segment, which l...

4.6CVSS7AI score0.02905EPSS
CVE
CVE
added 2012/11/30 7:0 p.m.572 views

CVE-2012-4557

CVE-2012-4557 affects the Apache HTTP Server, specifically the mod_proxy_ajp module in versions 2.2.12–2.2.21. The vulnerability causes a worker node to enter an error state when a long request-processing time is detected, enabling remote attackers to trigger a denial of service via an expensive ...

5CVSS6.2AI score0.1747EPSS
CVE
CVE
added 2012/01/28 2:0 a.m.289 views

CVE-2012-0021

CVE-2012-0021 affects Apache HTTP Server 2.2.17–2.2.21 when using a threaded MPM. The log_cookie function mishandles a %{}C format string in cookies, enabling a remote attacker to cause a denial of service (daemon crash) by sending a cookie with no name and no value. Connected sources (F5 advisor...

2.6CVSS8.8AI score0.30809EPSS
CVE
CVE
added 2012/08/22 7:0 p.m.197 views

CVE-2012-3502

Apache HTTP Server 2.4.x before 2.4.3 is affected by CVE-2012-3502. The vulnerability lies in the proxy components (mod_proxy_ajp.c and mod_proxy_http.c) where the server does not correctly determine when to close a back-end connection, allowing an attacker to read a response intended for a diffe...

4.3CVSS6AI score0.09895EPSS