Vulnerabilities > Apache
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2009-06-05 | CVE-2009-0783 | Information Exposure vulnerability in Apache Tomcat Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. | 4.2 |
| 2008-08-29 | CVE-2008-3282 | Incorrect Conversion between Numeric Types vulnerability in multiple products Integer overflow in the rtl_allocateMemory function in sal/rtl/source/alloc_global.c in the memory allocator in OpenOffice.org (OOo) 2.4.1, on 64-bit platforms, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted document, related to a "numeric truncation error," a different vulnerability than CVE-2008-2152. | 7.8 |
| 2006-03-30 | CVE-2006-1547 | Unspecified vulnerability in Apache Struts ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to elements in the CommonsMultipartRequestHandler implementation and BeanUtils. | 7.5 |
| 2005-02-09 | CVE-2004-0940 | Incorrect Calculation of Buffer Size vulnerability in multiple products Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error. | 7.8 |
| 2004-10-20 | CVE-2004-0747 | Incorrect Calculation of Buffer Size vulnerability in Apache Http Server Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the overflow during expansion of environment variables. | 7.8 |
| 2004-05-04 | CVE-2004-0174 | Improper Locking vulnerability in Apache Http Server Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to cause a denial of service (blocked new connections) via a "short-lived connection on a rarely-accessed listening socket." | 7.5 |
| 2002-12-31 | CVE-2002-1850 | Improper Locking vulnerability in Apache Http Server 2.0.39/2.0.40 mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attackers to cause a denial of service (hang and memory consumption) by causing a CGI script to send a large amount of data to stderr, which results in a read/write deadlock between httpd and the CGI script. | 7.5 |
| 2001-10-18 | CVE-2001-0766 | Improper Handling of Case Sensitivity vulnerability in Apache Http Server 1.3.14 Apache on MacOS X Client 10.0.3 with the HFS+ file system allows remote attackers to bypass access restrictions via a URL that contains some characters whose case is not matched by Apache's filters. | 9.8 |
| 1997-01-01 | CVE-1999-0236 | Information Exposure vulnerability in multiple products ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs. | 7.5 |