Vulnerabilities > Apache
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2005-12-31 | CVE-2005-4849 | Information Exposure vulnerability in Apache Derby 10.0.2.1/10.1.1.0: Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC command and (b) the output of the DatabaseMetaData.getURL function, which allows context-dependent attackers to obtain sensitive information. | 5.0 |
2005-11-20 | CVE-2005-3351 | Unspecified vulnerability in Apache Spamassassin 3.0.4: SpamAssassin 3.0.4 allows attackers to bypass spam detection via an e-mail with a large number of recipients ("To" addresses), which triggers a bus error in Perl. | 5.0 |
2005-05-02 | CVE-2005-1344 | Buffer Overflow vulnerability in Apache Http Server 2.0.52: Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. | 7.5 |
2005-05-02 | CVE-2005-0808 | Remote Malformed Request Denial Of Service vulnerability in Apache Tomcat: Apache Tomcat before 5.x allows remote attackers to cause a denial of service (application crash) via a crafted AJP12 packet to TCP port 8007. | 5.0 |
2005-05-02 | CVE-2005-0088 | Information Disclosure vulnerability in Apache mod_python Module Publisher Handler: The publisher handler for mod_python 2.7.8 and earlier allows remote attackers to obtain access to restricted objects via a crafted URL. | 7.5 |
2005-03-14 | CVE-2005-0508 | Unknown vulnerability in Squiggle for Batik before 1.5.1 allows attackers to bypass certain access controls via certain features of the Rhino scripting engine due to a "script security issue." | 4.6 |
2005-02-09 | CVE-2004-0940 | Incorrect Calculation of Buffer Size vulnerability in multiple products: Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error. | 7.8 |
2005-01-11 | CVE-2005-0108 | Integer Overflow vulnerability in Apache MOD Auth Radius 1.5.4: Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote malicious RADIUS servers to cause a denial of service (crash) via a RADIUS_REPLY_MESSAGE with a RADIUS attribute length of 1, which leads to a memcpy operation with a -1 length argument. | 5.0 |
2004-12-31 | CVE-2004-2650 | Denial Of Service vulnerability in Apache James 2.2.0: Spooler in Apache Foundation James 2.2.0 allows local users to cause a denial of service (memory consumption) by triggering various error conditions in the retrieve function, which prevents a lock from being released and causes a memory leak. | 4.9 |
2004-12-31 | CVE-2004-1575 | Denial Of Service vulnerability in Apache Xerces-C++ 2.5.0: The XML parser in Xerces-C++ 2.5.0 allows remote attackers to cause a denial of service (CPU consumption) via XML attributes in a crafted XML document. | 5.0 |