| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2013-1814 |
200 |
1
|
+Info |
2013-03-13 |
2013-03-19 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain sensitive information about all user accounts via the offset parameter, as demonstrated by discovering password hashes in the password field of a response. |
|
2 |
CVE-2012-2149 |
189 |
1
|
Exec Code Overflow |
2012-06-21 |
2012-10-30 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The WPXContentListener::_closeTableRow function in WPXContentListener.cpp in libwpd 0.8.8, as used by OpenOffice.org (OOo) before 3.4, allows remote attackers to execute arbitrary code via a crafted Wordperfect .WPD document that causes a negative array index to be used. NOTE: some sources report this issue as an integer overflow. |
|
3 |
CVE-2012-2098 |
310 |
1
|
DoS |
2012-06-29 |
2012-10-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs. |
|
4 |
CVE-2012-0394 |
94 |
1
|
Exec Code |
2012-01-08 |
2012-01-09 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
** DISPUTED ** The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself." |
|
5 |
CVE-2012-0393 |
264 |
1
|
|
2012-01-08 |
2012-01-12 |
6.4 |
None |
Remote |
Low |
Not required |
None |
Partial |
Partial |
|
The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted parameter that triggers the creation of a Java object. |
|
6 |
CVE-2012-0392 |
264 |
1
|
Exec Code |
2012-01-08 |
2012-01-09 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method. |
|
7 |
CVE-2012-0391 |
20 |
1
|
Exec Code |
2012-01-08 |
2012-01-10 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter. |
|
8 |
CVE-2011-3368 |
20 |
1
|
|
2011-10-05 |
2013-02-06 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character. |
|
9 |
CVE-2011-3192 |
399 |
1
|
DoS |
2011-08-29 |
2012-10-29 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086. |
|
10 |
CVE-2010-2103 |
79 |
1
|
XSS |
2010-05-27 |
2013-05-09 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the modules parameter. NOTE: some of these details are obtained from third party information. |
|
11 |
CVE-2010-1870 |
|
1
|
Bypass |
2010-08-17 |
2011-09-21 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
The OGNL extensive expression evaluation capability in XWork in Struts 2.0.0 through 2.1.8.1, as used in Atlassian Fisheye, Crucible, and possibly other products, uses a permissive whitelist, which allows remote attackers to modify server-side context objects and bypass the "#" protection mechanism in ParameterInterceptors via the (1) #context, (2) #_memberAccess, (3) #root, (4) #this, (5) #_typeResolver, (6) #_classResolver, (7) #_traceEvaluations, (8) #_lastEvaluation, (9) #_keepLastEvaluation, and possibly other OGNL context variables, a different vulnerability than CVE-2008-6504. |
|
12 |
CVE-2010-0219 |
255 |
1
|
Exec Code |
2010-10-18 |
2013-05-09 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service. |
|
13 |
CVE-2010-0010 |
189 |
1
|
DoS Exec Code Overflow |
2010-02-02 |
2011-09-06 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util.c in mod_proxy in the Apache HTTP Server before 1.3.42 on 64-bit platforms allows remote origin servers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a large chunk size that triggers a heap-based buffer overflow. |
|
14 |
CVE-2009-1955 |
399 |
1
|
DoS |
2009-06-07 |
2013-04-17 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564. |
|
15 |
CVE-2008-5518 |
22 |
1
|
Dir. Trav. |
2009-04-17 |
2009-04-28 |
9.4 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
None |
|
Multiple directory traversal vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 on Windows allow remote attackers to upload files to arbitrary directories via directory traversal sequences in the (1) group, (2) artifact, (3) version, or (4) fileType parameter to console/portal//Services/Repository (aka the Services/Repository portlet); the (5) createDB parameter to console/portal/Embedded DB/DB Manager (aka the Embedded DB/DB Manager portlet); or the (6) filename parameter to the createKeystore script in the Security/Keystores portlet. |
|
16 |
CVE-2008-2938 |
22 |
1
|
Dir. Trav. |
2008-08-12 |
2010-08-21 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version. |
|
17 |
CVE-2007-5731 |
22 |
1
|
Dir. Trav. |
2007-10-30 |
2008-11-15 |
3.5 |
None |
Remote |
Medium |
Single system |
Partial |
None |
None |
|
Absolute path traversal vulnerability in Apache Jakarta Slide 2.1 and earlier allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag, a related issue to CVE-2007-5461. |
|
18 |
CVE-2007-5461 |
22 |
1
|
Dir. Trav. |
2007-10-15 |
2010-08-21 |
3.5 |
None |
Remote |
Medium |
Single system |
Partial |
None |
None |
|
Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag. |
|
19 |
CVE-2007-5156 |
|
2
|
Exec Code |
2007-10-01 |
2011-10-12 |
6.8 |
User |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and probably other products, allows remote attackers to upload and execute arbitrary PHP code via a file whose name contains ".php." and has an unknown extension, which is recognized as a .php file by the Apache HTTP server, a different vulnerability than CVE-2006-0658 and CVE-2006-2529. |
