Search Results (3063 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-3747 3 Apache, Canonical, Debian 3 Http Server, Ubuntu Linux, Debian Linux 2026-04-16 N/A
Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules.
CVE-2003-0042 1 Apache 1 Tomcat 2026-04-16 N/A
Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, allows remote attackers to list directories even with an index.html or other file present, or obtain unprocessed source code for a JSP file, via a URL containing a null character.
CVE-2006-2806 1 Apache 1 James 2026-04-16 N/A
The SMTP server in Apache Java Mail Enterprise Server (aka Apache James) 2.2.0 allows remote attackers to cause a denial of service (CPU consumption) via a long argument to the MAIL command.
CVE-2006-2447 2 Apache, Redhat 2 Spamassassin, Enterprise Linux 2026-04-16 N/A
SpamAssassin before 3.1.3, when running with vpopmail and the paranoid (-P) switch, allows remote attackers to execute arbitrary commands via a crafted message that is not properly handled when invoking spamd with the virtual pop username.
CVE-2001-1449 2 Apache, Mandrakesoft 4 Http Server, Mandrake Linux, Mandrake Linux Corporate Server and 1 more 2026-04-16 N/A
The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories.
CVE-2003-0020 2 Apache, Redhat 5 Http Server, Enterprise Linux, Linux and 2 more 2026-04-16 N/A
Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.
CVE-2000-0868 2 Apache, Suse 2 Http Server, Suse Linux 2026-04-16 N/A
The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows remote attackers to read source code for CGI scripts by replacing the /cgi-bin/ in the requested URL with /cgi-bin-sdb/.
CVE-2006-1548 2 Apache, Redhat 2 Struts, Rhel Application Server 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is not filtered in the resulting error message.
CVE-2003-0017 1 Apache 1 Http Server 2026-04-16 N/A
Apache 2.0 before 2.0.44 on Windows platforms allows remote attackers to obtain certain files via an HTTP request that ends in certain illegal characters such as ">", which causes a different filename to be processed and served.
CVE-1999-0926 1 Apache 1 Http Server 2026-04-16 N/A
Apache allows remote attackers to conduct a denial of service via a large number of MIME headers.
CVE-2006-1095 1 Apache 1 Mod Python 2026-04-16 N/A
Directory traversal vulnerability in the FileSession object in Mod_python module 3.2.7 for Apache allows local users to execute arbitrary code via a crafted session cookie.
CVE-2003-0016 1 Apache 1 Http Server 2026-04-16 N/A
Apache before 2.0.44, when running on unpatched Windows 9x and Me operating systems, allows remote attackers to cause a denial of service or execute arbitrary code via an HTTP request containing MS-DOS device names.
CVE-2006-0743 1 Apache 1 Log4net 2026-04-16 N/A
Format string vulnerability in LocalSyslogAppender in Apache log4net 1.2.9 might allow remote attackers to cause a denial of service (memory corruption and termination) via unknown vectors.
CVE-2001-1342 1 Apache 1 Http Server 2026-04-16 N/A
Apache before 1.3.20 on Windows and OS/2 systems allows remote attackers to cause a denial of service (GPF) via an HTTP request for a URI that contains a large number of / (slash) or other characters, which causes certain functions to dereference a null pointer.
CVE-2006-0254 2 Apache, Redhat 3 Geronimo, Network Satellite, Rhel Application Server 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer.
CVE-2002-2272 1 Apache 2 Http Server, Tomcat 2026-04-16 N/A
Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 through 1.3.27, allows remote attackers to cause a denial of service (desynchronized communications) via an HTTP GET request with a Transfer-Encoding chunked field with invalid values.
CVE-2006-0042 2 Apache, Debian 2 Libapreq2, Debian Linux 2026-04-16 N/A
Unspecified vulnerability in (1) apreq_parse_headers and (2) apreq_parse_urlencoded functions in Apache2::Request (Libapreq2) before 2.07 allows remote attackers to cause a denial of service (CPU consumption) via unknown attack vectors that result in quadratic computational complexity.
CVE-2005-4849 1 Apache 1 Derby 2026-04-16 N/A
Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC command and (b) the output of the DatabaseMetaData.getURL function, which allows context-dependent attackers to obtain sensitive information.
CVE-2002-2103 1 Apache 1 Http Server 2026-04-16 N/A
Apache before 1.3.24, when writing to the log file, records a spoofed hostname from the reverse lookup of an IP address, even when a double-reverse lookup fails, which allows remote attackers to hide the original source of activities.
CVE-2005-4838 2 Apache, Redhat 3 Tomcat, Network Satellite, Rhel Application Server 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the example web applications for Jakarta Tomcat 5.5.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) el/functions.jsp, (2) el/implicit-objects.jsp, and (3) jspx/textRotate.jspx in examples/jsp2/, as demonstrated via script in a request to snp/snoop.jsp. NOTE: other XSS issues in the manager were simultaneously reported, but these require admin access and do not cross privilege boundaries.