Vulnerabilities > Apache > Medium

DATE CVE VULNERABILITY TITLE RISK
2007-04-30 CVE-2007-2353 Information Exposure vulnerability in Apache Axis 1.0
Apache Axis 1.0 allows remote attackers to obtain sensitive information by requesting a non-existent WSDL file, which reveals the installation path in the resulting exception message.
network
low complexity
apache CWE-200
5.0
2007-04-13 CVE-2007-1741 Race Condition vulnerability in Apache Http Server 2.2.3
Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 between directory and file validation, and their usage, allow local users to gain privileges and execute arbitrary code by renaming directories or performing symlink attacks.
local
high complexity
apache CWE-362
6.2
2007-03-30 CVE-2007-1349 Improper Input Validation vulnerability in multiple products
PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, do not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.
network
low complexity
apache canonical redhat CWE-20
5.0
2007-02-16 CVE-2007-0451 Resource Management Errors vulnerability in Apache Spamassassin
Apache SpamAssassin before 3.1.8 allows remote attackers to cause a denial of service via long URLs in malformed HTML, which triggers "massive memory usage." Upgrade to SpamAssassin version 3.1.8.
network
apache CWE-399
4.3
2006-12-15 CVE-2006-6589 HTML Injection vulnerability in Apache Ofbiz and Opentaps
Cross-site scripting (XSS) vulnerability in ecommerce/control/keywordsearch in the Apache Open For Business Project (OFBiz) and Opentaps 0.9.3 allows remote attackers to inject arbitrary web script or HTML via the SEARCH_STRING parameter, a different issue than CVE-2006-6587.
network
apache
6.8
2006-12-15 CVE-2006-6587 HTML Injection vulnerability in OFBiz
Cross-site scripting (XSS) vulnerability in the forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) allows remote attackers to inject arbitrary web script or HTML by posting a message.
network
apache
6.8
2006-10-16 CVE-2006-4154 Remote Format String vulnerability in Apache Mod_TCL
Format string vulnerability in the mod_tcl module 1.0 for Apache 2.x allows context-dependent attackers to execute arbitrary code via format string specifiers that are not properly handled in a set_var function call in (1) tcl_cmds.c and (2) tcl_core.c.
network
apache
6.8
2006-08-14 CVE-2006-4110 Information Disclosure vulnerability in Apache Http Server 2.0.58/2.2.2/2.2.3
Apache 2.2.2, when running on Windows, allows remote attackers to read source code of CGI programs via a request that contains uppercase (or alternate case) characters that bypass the case-sensitive ScriptAlias directive, but allow access to the file on case-insensitive file systems.
network
apache
4.3
2006-06-06 CVE-2006-2447 Remote Command Execution vulnerability in Apache Spamassassin 3.1.0/3.1.1/3.1.2
SpamAssassin before 3.1.3, when running with vpopmail and the paranoid (-P) switch, allows remote attackers to execute arbitrary commands via a crafted message that is not properly handled when invoking spamd with the virtual pop username.
network
high complexity
apache
5.1
2006-03-30 CVE-2006-1548 Remote vulnerability in Apache Struts
Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is not filtered in the resulting error message.
network
apache
4.3