Filtered by vendor Apache
Subscribe
Total
2223 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-1999-1053 | 2 Apache, Matt Wright | 2 Http Server, Matt Wright Guestbook | 2008-09-05 | 7.5 HIGH | N/A |
| guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->". | |||||
| CVE-1999-0926 | 1 Apache | 1 Http Server | 2008-09-05 | 10.0 HIGH | N/A |
| Apache allows remote attackers to conduct a denial of service via a large number of MIME headers. | |||||
| CVE-2005-4849 | 1 Apache | 1 Derby | 2008-09-05 | 5.0 MEDIUM | N/A |
| Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC command and (b) the output of the DatabaseMetaData.getURL function, which allows context-dependent attackers to obtain sensitive information. | |||||