phf CGI program allows remote command execution through shell metacharacters.
Max CVSS
10.0
EPSS Score
29.63%
Published
1996-03-20
Updated
2024-01-26
Apache allows remote attackers to conduct a denial of service via a large number of MIME headers.
Max CVSS
10.0
EPSS Score
0.39%
Published
1999-09-03
Updated
2008-09-05
Apache WWW server 1.3.1 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via a large number of MIME headers with the same name, aka the "sioux" vulnerability.
Max CVSS
10.0
EPSS Score
2.34%
Published
1998-08-07
Updated
2021-06-06
Multiple buffer overflows in smbvalid/smbval SMB authentication library, as used in Apache::AuthenSmb and possibly other modules, allows remote attackers to execute arbitrary commands via (1) a long username, (2) a long password, and (3) other unspecified methods.
Max CVSS
10.0
EPSS Score
0.13%
Published
1999-06-06
Updated
2020-07-21
mod_proxy in Apache 1.2.5 and earlier allows remote attackers to cause a denial of service via malformed FTP commands, which causes Apache to dump core.
Max CVSS
10.0
EPSS Score
0.36%
Published
1999-12-31
Updated
2016-10-18
mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not properly handle CGI redirect paths, which could cause Apache to send the output of a CGI program to the wrong client.
Max CVSS
10.0
EPSS Score
0.37%
Published
2003-11-03
Updated
2022-09-23
Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied.
Max CVSS
10.0
EPSS Score
1.23%
Published
2004-08-06
Updated
2021-06-06
ssl_engine_kernel.c in mod_ssl before 2.8.24, when using "SSLVerifyClient optional" in the global virtual host configuration, does not properly enforce "SSLVerifyClient require" in a per-location context, which allows remote attackers to bypass intended access restrictions.
Max CVSS
10.0
EPSS Score
0.21%
Published
2005-09-06
Updated
2023-02-13
The login method in LoginModule implementations in Apache Geronimo 2.0 does not throw FailedLoginException for failed logins, which allows remote attackers to bypass authentication requirements, deploy arbitrary modules, and gain administrative access by sending a blank username and password with the command line deployer in the deployment module.
Max CVSS
10.0
EPSS Score
0.55%
Published
2007-08-27
Updated
2008-09-05
Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR; or crafted calls to the (3) apr_rmm_malloc, (4) apr_rmm_calloc, or (5) apr_rmm_realloc function in misc/apr_rmm.c in APR-util; leading to buffer overflows. NOTE: some of these details are obtained from third party information.
Max CVSS
10.0
EPSS Score
10.96%
Published
2009-08-06
Updated
2023-02-13

CVE-2010-0219

Public exploit
Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service.
Max CVSS
10.0
EPSS Score
97.51%
Published
2010-10-18
Updated
2018-10-10

CVE-2010-0425

Public exploit
modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and "orphaned callback pointers."
Max CVSS
10.0
EPSS Score
97.27%
Published
2010-03-05
Updated
2021-06-06
mod_perl 2.0 through 2.0.10 allows attackers to execute arbitrary Perl code by placing it in a user-owned .htaccess file, because (contrary to the documentation) there is no configuration option that permits Perl code for the administrator's control of HTTP request processing without also permitting unprivileged users to run Perl code in the context of the user account that runs Apache HTTP Server processes.
Max CVSS
10.0
EPSS Score
0.76%
Published
2018-08-26
Updated
2019-09-24
Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows remote attackers to modify run-time data values, and consequently execute arbitrary code, via invalid input to a field.
Max CVSS
10.0
EPSS Score
1.89%
Published
2012-03-02
Updated
2018-12-07
Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors.
Max CVSS
10.0
EPSS Score
0.83%
Published
2013-01-03
Updated
2023-02-13
Unspecified vulnerability in the Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.03 has unknown impact and attack vectors.
Max CVSS
10.0
EPSS Score
0.41%
Published
2012-10-25
Updated
2018-05-18
Citrix Cloud.com CloudStack, and Apache CloudStack pre-release, allows remote attackers to make arbitrary API calls by leveraging the system user account, as demonstrated by API calls to delete VMs.
Max CVSS
10.0
EPSS Score
2.68%
Published
2012-10-26
Updated
2012-10-26
The JMX Remoting functionality in Apache Geronimo 3.x before 3.0.1, as used in IBM WebSphere Application Server (WAS) Community Edition 3.0.0.3 and other products, does not properly implement the RMI classloader, which allows remote attackers to execute arbitrary code by using the JMX connector to send a crafted serialized object.
Max CVSS
10.0
EPSS Score
0.61%
Published
2013-07-11
Updated
2014-04-01
Apache Open For Business Project (aka OFBiz) 10.04.01 through 10.04.05, 11.04.01 through 11.04.02, and 12.04.01 allows remote attackers to execute arbitrary Unified Expression Language (UEL) functions via JUEL metacharacters in unspecified parameters, related to nested expressions.
Max CVSS
10.0
EPSS Score
0.66%
Published
2013-08-15
Updated
2018-05-18
Apache Struts 2.0.0 through 2.3.15.1 enables Dynamic Method Invocation by default, which has unknown impact and attack vectors.
Max CVSS
10.0
EPSS Score
0.87%
Published
2013-09-30
Updated
2016-12-07
Unspecified vulnerability in Apache Traffic Server 3.x through 3.2.5, 4.x before 4.2.1.1, and 5.x before 5.0.1 has unknown impact and attack vectors, possibly related to health checks.
Max CVSS
10.0
EPSS Score
0.19%
Published
2014-08-22
Updated
2017-08-29
The UI daemon in Apache Storm 0.10.0 before 0.10.0-beta1 allows remote attackers to execute arbitrary code via unspecified vectors.
Max CVSS
10.0
EPSS Score
1.98%
Published
2017-01-13
Updated
2018-10-09
Unspecified vulnerability in the HTTP/2 experimental feature in Apache Traffic Server 5.3.x before 5.3.2 has unknown impact and attack vectors, a different vulnerability than CVE-2015-5206.
Max CVSS
10.0
EPSS Score
0.21%
Published
2017-09-13
Updated
2017-09-21
Unspecified vulnerability in the HTTP/2 experimental feature in Apache Traffic Server before 5.3.x before 5.3.2 has unknown impact and attack vectors, a different vulnerability than CVE-2015-5168.
Max CVSS
10.0
EPSS Score
0.21%
Published
2017-09-13
Updated
2017-09-21
Use-after-free vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 3.1.3 and earlier allows context-dependent attackers to have unspecified impact via an invalid character in an XML document.
Max CVSS
10.0
EPSS Score
0.37%
Published
2016-05-13
Updated
2018-10-30
431 vulnerabilities found
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!