Vulnerabilities > Apache

DATE CVE VULNERABILITY TITLE RISK
2007-07-05 CVE-2006-7216 Remote Security vulnerability in Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1
Apache Derby before 10.2.1.6 does not determine privilege requirements for lock table statements at compilation time, and consequently does not enforce privilege requirements at execution time, which allows remote authenticated users to lock arbitrary tables.
network
low complexity
apache
4.0
2007-06-20 CVE-2007-3303 Code Injection vulnerability in Apache Http Server 2.0.59/2.2.4
Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows local users to cause a denial of service via certain code sequences executed in a worker process that (1) stop request processing by killing all worker processes and preventing creation of replacements or (2) hang the system by forcing the master process to fork an arbitrarily large number of worker processes.
local
low complexity
apache CWE-94
4.9
2007-06-18 CVE-2007-3101 Cross-Site Scripting vulnerability in Apache Myfaces Tomahawk 1.1.5
Multiple cross-site scripting (XSS) vulnerabilities in certain JSF applications in Apache MyFaces Tomahawk before 1.1.6 allow remote attackers to inject arbitrary web script via the autoscroll parameter, which is injected into JavaScript that is sent to the client.
network
apache
4.3
2007-04-30 CVE-2007-2353 Information Exposure vulnerability in Apache Axis 1.0
Apache Axis 1.0 allows remote attackers to obtain sensitive information by requesting a non-existent WSDL file, which reveals the installation path in the resulting exception message.
network
low complexity
apache CWE-200
5.0
2007-04-13 CVE-2007-1741 Race Condition vulnerability in Apache Http Server 2.2.3
Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 between directory and file validation, and their usage, allow local users to gain privileges and execute arbitrary code by renaming directories or performing symlink attacks.
local
high complexity
apache CWE-362
6.2
2007-03-30 CVE-2007-1349 Improper Input Validation vulnerability in multiple products
PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, do not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.
network
low complexity
apache canonical redhat CWE-20
5.0
2007-02-16 CVE-2007-0451 Resource Management Errors vulnerability in Apache Spamassassin
Apache SpamAssassin before 3.1.8 allows remote attackers to cause a denial of service via long URLs in malformed HTML, which triggers "massive memory usage." Upgrade to SpamAssassin version 3.1.8.
network
apache CWE-399
4.3
2006-12-15 CVE-2006-6589 HTML Injection vulnerability in Apache Ofbiz and Opentaps
Cross-site scripting (XSS) vulnerability in ecommerce/control/keywordsearch in the Apache Open For Business Project (OFBiz) and Opentaps 0.9.3 allows remote attackers to inject arbitrary web script or HTML via the SEARCH_STRING parameter, a different issue than CVE-2006-6587.
network
apache
6.8
2006-12-15 CVE-2006-6588 Remote Security vulnerability in Open For Business Project
The forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) trusts the (1) dataResourceTypeId, (2) contentTypeId, and certain other hidden form fields, which allows remote attackers to create unauthorized types of content, modify content, or have other unknown impact.
network
low complexity
apache
7.5
2006-12-15 CVE-2006-6587 HTML Injection vulnerability in OFBiz
Cross-site scripting (XSS) vulnerability in the forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) allows remote attackers to inject arbitrary web script or HTML by posting a message.
network
apache
6.8