Vulnerabilities > Apache > Medium

DATE CVE VULNERABILITY TITLE RISK

2006-03-09 CVE-2006-0743 Use of Externally-Controlled Format String vulnerability in Apache Log4Net 1.2.9Beta
Format string vulnerability in LocalSyslogAppender in Apache log4net 1.2.9 might allow remote attackers to cause a denial of service (memory corruption and termination) via unknown vectors.
network | low complexity | apache CWE-134 | 5.0

2006-02-18 CVE-2006-0042 Denial of Service vulnerability in Apache Libapreq2 Quadratic Behavior
Unspecified vulnerability in (1) apreq_parse_headers and (2) apreq_parse_urlencoded functions in Apache2::Request (Libapreq2) before 2.07 allows remote attackers to cause a denial of service (CPU consumption) via unknown attack vectors that result in quadratic computational complexity.
network | low complexity | apache debian | 5.0

2006-01-18 CVE-2006-0254 Input Validation vulnerability in Apache Geronimo 1.0
Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer.
network | apache | 4.3

2005-12-31 CVE-2005-4849 Information Exposure vulnerability in Apache Derby 10.0.2.1/10.1.1.0
Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC command and (b) the output of the DatabaseMetaData.getURL function, which allows context-dependent attackers to obtain sensitive information.
network | low complexity | apache CWE-200 | 5.0

2005-11-20 CVE-2005-3351 Unspecified vulnerability in Apache Spamassassin 3.0.4
SpamAssassin 3.0.4 allows attackers to bypass spam detection via an e-mail with a large number of recipients ("To" addresses), which triggers a bus error in Perl.
network | low complexity | apache | 5.0

2005-05-02 CVE-2005-0808 Remote Malformed Request Denial Of Service vulnerability in Apache Tomcat
Apache Tomcat before 5.x allows remote attackers to cause a denial of service (application crash) via a crafted AJP12 packet to TCP port 8007.
network | low complexity | apache | 5.0

2005-03-14 CVE-2005-0508 Unknown vulnerability in Squiggle for Batik before 1.5.1 allows attackers to bypass certain access controls via certain features of the Rhino scripting engine due to a "script security issue."
local | low complexity | apache | 4.6

2005-01-11 CVE-2005-0108 Integer Overflow vulnerability in Apache MOD Auth Radius 1.5.4
Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote malicious RADIUS servers to cause a denial of service (crash) via a RADIUS_REPLY_MESSAGE with a RADIUS attribute length of 1, which leads to a memcpy operation with a -1 length argument.
network | low complexity | apache | 5.0

2004-12-31 CVE-2004-2650 Denial Of Service vulnerability in Apache James 2.2.0
Spooler in Apache Foundation James 2.2.0 allows local users to cause a denial of service (memory consumption) by triggering various error conditions in the retrieve function, which prevents a lock from being released and causes a memory leak.
local | low complexity | apache | 4.9

2004-12-31 CVE-2004-1575 Denial Of Service vulnerability in Apache Xerces-C++ 2.5.0
The XML parser in Xerces-C++ 2.5.0 allows remote attackers to cause a denial of service (CPU consumption) via XML attributes in a crafted XML document.
network | low complexity | apache | 5.0