Vulnerabilities > Apache > Low

DATE CVE VULNERABILITY TITLE RISK
2011-05-07 CVE-2011-1503 Information Exposure vulnerability in Liferay Portal
The XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat or Oracle GlassFish is used, allows remote authenticated users to read arbitrary (1) XSL and (2) XML files via a file:/// URL.
3.5
2011-05-07 CVE-2011-1570 Cross-Site Scripting vulnerability in Liferay Portal
Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to inject arbitrary web script or HTML via a message title, a different vulnerability than CVE-2004-2030.
3.5
2010-08-16 CVE-2009-4269 Cryptographic Issues vulnerability in Apache Derby
The password hash generation algorithm in the BUILTIN authentication functionality for Apache Derby before 10.6.1.0 performs a transformation that reduces the size of the set of inputs to SHA-1, which produces a small search space that makes it easier for local and possibly remote attackers to crack passwords by generating hash collisions, related to password substitution.
local
low complexity
apache CWE-310
2.1
2010-04-05 CVE-2010-0684 Cross-Site Scripting vulnerability in Apache Activemq
Cross-site scripting (XSS) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote authenticated users to inject arbitrary web script or HTML via the JMSDestination parameter in a queue action.
network
apache CWE-79
3.5
2010-02-05 CVE-2003-1581 Cross-Site Scripting vulnerability in Apache Http Server 2.0.44
The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
network
high complexity
apache CWE-79
2.6
2009-03-03 CVE-2009-0754 USE of Externally-Controlled Format String vulnerability in PHP 4.4.4/5.1.6
PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server.
local
low complexity
php apache CWE-134
2.1
2008-02-12 CVE-2008-0732 Link Following vulnerability in Apache Geronimo
The init script for Apache Geronimo on SUSE Linux follows symlinks when performing a chown operation, which might allow local users to obtain access to unspecified files or directories.
local
low complexity
suse apache CWE-59
2.1
2007-10-30 CVE-2007-5731 Path Traversal vulnerability in Apache Jakarta Slide 2.1
Absolute path traversal vulnerability in Apache Jakarta Slide 2.1 and earlier allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag, a related issue to CVE-2007-5461.
network
apache CWE-22
3.5
2004-12-31 CVE-2004-1387 Local Security vulnerability in Apache Http Server 1.3.31
The check_forensic script in apache-utils package 1.3.31 allows local users to overwrite or create arbitrary files via a symlink attack on temporary files.
local
low complexity
apache
2.1
2002-11-04 CVE-2002-1233 Unspecified vulnerability in Apache Http Server
A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on temporary files when the administrator runs (1) htpasswd or (2) htdigest, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2001-0131.
local
high complexity
apache
2.6