Vulnerabilities > Apache

| Date | CVE | Vulnerability title | Description | Access | Complexity | Tags | Risk |
|---|---|---|---|---|---|---|---|
| 2006-10-16 | CVE-2006-4154 | Remote Format String vulnerability in Apache Mod_TCL | Format string vulnerability in the mod_tcl module 1.0 for Apache 2.x allows context-dependent attackers to execute arbitrary code via format string specifiers that are not properly handled in a set_var function call in (1) tcl_cmds.c and (2) tcl_core.c. | network | | apache | 6.8 |
| 2006-08-14 | CVE-2006-4110 | Information Disclosure vulnerability in Apache Http Server 2.0.58/2.2.2/2.2.3 | Apache 2.2.2, when running on Windows, allows remote attackers to read source code of CGI programs via a request that contains uppercase (or alternate case) characters that bypass the case-sensitive ScriptAlias directive, but allow access to the file on case-insensitive file systems. | network | | apache | 4.3 |
| 2006-06-06 | CVE-2006-2447 | Remote Command Execution vulnerability in Apache Spamassassin 3.1.0/3.1.1/3.1.2 | SpamAssassin before 3.1.3, when running with vpopmail and the paranoid (-P) switch, allows remote attackers to execute arbitrary commands via a crafted message that is not properly handled when invoking spamd with the virtual pop username. | network | high complexity | apache | 5.1 |
| 2006-06-05 | CVE-2006-2806 | Denial Of Service vulnerability in Apache James 2.2.0 | The SMTP server in Apache Java Mail Enterprise Server (aka Apache James) 2.2.0 allows remote attackers to cause a denial of service (CPU consumption) via a long argument to the MAIL command. | network | low complexity | apache | 7.8 |
| 2006-03-30 | CVE-2006-1548 | Remote vulnerability in Apache Struts | Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is not filtered in the resulting error message. | network | | apache | 4.3 |
| 2006-03-30 | CVE-2006-1547 | Remote vulnerability in Apache Struts | ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to elements in the CommonsMultipartRequestHandler implementation and BeanUtils. | network | low complexity | apache | 7.8 |
| 2006-03-09 | CVE-2006-0743 | Use of Externally-Controlled Format String vulnerability in Apache Log4Net 1.2.9Beta | Format string vulnerability in LocalSyslogAppender in Apache log4net 1.2.9 might allow remote attackers to cause a denial of service (memory corruption and termination) via unknown vectors. | network | low complexity | apache CWE-134 | 5.0 |
| 2006-03-09 | CVE-2006-1095 | Path Traversal vulnerability in Apache MOD Python 3.2.7 | Directory traversal vulnerability in the FileSession object in Mod_python module 3.2.7 for Apache allows local users to execute arbitrary code via a crafted session cookie. | local | low complexity | apache CWE-22 | 7.2 |
| 2006-02-18 | CVE-2006-0042 | Denial of Service vulnerability in Apache Libapreq2 Quadratic Behavior | Unspecified vulnerability in (1) apreq_parse_headers and (2) apreq_parse_urlencoded functions in Apache2::Request (Libapreq2) before 2.07 allows remote attackers to cause a denial of service (CPU consumption) via unknown attack vectors that result in quadratic computational complexity. | network | low complexity | apache debian | 5.0 |
| 2006-01-18 | CVE-2006-0254 | Input Validation vulnerability in Apache Geronimo 1.0 | Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer. | network | | apache | 4.3 |