Search Results (3130 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2003-1172 1 Apache 1 Cocoon 2026-04-16 N/A
Directory traversal vulnerability in the view-source sample file in Apache Software Foundation Cocoon 2.1 and 2.2 allows remote attackers to access arbitrary files via a .. (dot dot) in the filename parameter.
CVE-2003-0542 2 Apache, Redhat 5 Http Server, Enterprise Linux, Linux and 2 more 2026-04-16 N/A
Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures.
CVE-2003-0253 2 Apache, Redhat 2 Http Server, Linux 2026-04-16 N/A
The prefork MPM in Apache 2 before 2.0.47 does not properly handle certain errors from accept, which could lead to a denial of service.
CVE-2001-0731 2 Apache, Redhat 3 Http Server, Linux, Secure Web Server 2026-04-16 N/A
Apache 1.3.20 with Multiviews enabled allows remote attackers to view directory contents and bypass the index page via a URL containing the "M=D" query string.
CVE-2001-0917 1 Apache 1 Tomcat 2026-04-16 N/A
Jakarta Tomcat 4.0.1 allows remote attackers to reveal physical path information by requesting a long URL with a .JSP extension.
CVE-2004-1575 1 Apache 1 Xerces-c\+\+ 2026-04-16 N/A
The XML parser in Xerces-C++ 2.5.0 allows remote attackers to cause a denial of service (CPU consumption) via XML attributes in a crafted XML document.
CVE-1999-0045 2 Apache, Netscape 4 Http Server, Commerce Server, Communications Server and 1 more 2026-04-16 N/A
List of arbitrary files on Web host via nph-test-cgi script.
CVE-1999-0107 1 Apache 1 Http Server 2026-04-16 N/A
Buffer overflow in Apache 1.2.5 and earlier allows a remote attacker to cause a denial of service with a large number of GET requests containing a large number of / characters.
CVE-2001-1556 1 Apache 1 Http Server 2026-04-16 3.3 Low
The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep.
CVE-2006-1548 2 Apache, Redhat 2 Struts, Rhel Application Server 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is not filtered in the resulting error message.
CVE-2006-2447 2 Apache, Redhat 2 Spamassassin, Enterprise Linux 2026-04-16 N/A
SpamAssassin before 3.1.3, when running with vpopmail and the paranoid (-P) switch, allows remote attackers to execute arbitrary commands via a crafted message that is not properly handled when invoking spamd with the virtual pop username.
CVE-2006-0042 2 Apache, Debian 2 Libapreq2, Debian Linux 2026-04-16 N/A
Unspecified vulnerability in (1) apreq_parse_headers and (2) apreq_parse_urlencoded functions in Apache2::Request (Libapreq2) before 2.07 allows remote attackers to cause a denial of service (CPU consumption) via unknown attack vectors that result in quadratic computational complexity.
CVE-2004-0173 1 Apache 1 Http Server 2026-04-16 N/A
Directory traversal vulnerability in Apache 1.3.29 and earlier, and Apache 2.0.48 and earlier, when running on Cygwin, allows remote attackers to read arbitrary files via a URL containing "..%5C" (dot dot encoded backslash) sequences.
CVE-2005-4703 1 Apache 1 Tomcat 2026-04-16 N/A
Apache Tomcat 4.0.3, when running on Windows, allows remote attackers to obtain sensitive information via a request for a file that contains an MS-DOS device name such as lpt9, which leaks the pathname in an error message, as demonstrated by lpt9.xtp using Nikto.
CVE-2005-4838 2 Apache, Redhat 3 Tomcat, Network Satellite, Rhel Application Server 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the example web applications for Jakarta Tomcat 5.5.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) el/functions.jsp, (2) el/implicit-objects.jsp, and (3) jspx/textRotate.jspx in examples/jsp2/, as demonstrated via script in a request to snp/snoop.jsp. NOTE: other XSS issues in the manager were simultaneously reported, but these require admin access and do not cross privilege boundaries.
CVE-2006-0743 1 Apache 1 Log4net 2026-04-16 N/A
Format string vulnerability in LocalSyslogAppender in Apache log4net 1.2.9 might allow remote attackers to cause a denial of service (memory corruption and termination) via unknown vectors.
CVE-2005-3745 2 Apache, Redhat 2 Struts, Rhel Application Server 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message.
CVE-1999-1412 2 Apache, Apple 2 Http Server, Macos 2026-04-16 N/A
A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service (crash) via a flood of HTTP GET requests to CGI programs, which generates a large number of processes.
CVE-2005-3352 2 Apache, Redhat 5 Http Server, Enterprise Linux, Network Proxy and 2 more 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps.
CVE-2005-3164 2 Apache, Hitachi 2 Tomcat, Cosminexus Application Server 2026-04-16 N/A
The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when "unsuitable request body data" is used for a different request, possibly related to Java Servlet pages.