5 matches found
CVE-2013-2249
CVE-2013-2249 concerns Apache HTTP Server’s mod_session_dbd. The issue arises when mod_session_dbd proceeds with save operations for a session without honoring the dirty flag or requiring a new session ID, as described in multiple sources. Public references indicate the vulnerability is associate...
CVE-2012-3499
CVE-2012-3499 affects Apache HTTP Server 2.2.x (pre-2.2.24-dev) and 2.4.x (pre-2.4.4). The issue comprises multiple XSS flaws in modules including mod_imagemap, mod_info, mod_ldap, mod_proxy_ftp, and mod_status. An attacker can inject arbitrary web script/HTML via crafted Host header or URI-relat...
CVE-2013-1896
The CVE-2013-1896 issue affects the Apache HTTP Server: mod_dav.c fails to correctly determine if DAV is enabled for a URI, allowing a remote attacker to trigger a segfault via a MERGE request when the URI is handled by mod_dav_svn and the href in the XML data points to a non-DAV URI. This can le...
CVE-2013-1862
CVE-2013-1862 affects Apache HTTP Server 2.2.x up to 2.2.24, where mod_rewrite writes log data without sanitizing non‑printable characters. This can allow a remote attacker to execute arbitrary commands by sending an HTTP request containing an escape sequence for a terminal emulator, with some so...
CVE-2012-4558
CVE-2012-4558 is an XSS vulnerability in Apache HTTP Server's balancer_handler (mod_proxy_balancer). Remote attackers can inject arbitrary web script/HTML via a crafted string in the manager interface for Apache 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4. Impact is arbitrary script execution ...