Search Results (Refine Search)
- CPE Product Version: cpe:/a:apache:http_server:2.2.23
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2013-6438 |
The dav_xml_get_cdata function in main/util.c in the mod_dav module in the Apache HTTP Server before 2.4.8 does not properly remove whitespace characters from CDATA sections, which allows remote attackers to cause a denial of service (daemon crash) via a crafted DAV WRITE request. Published: March 18, 2014; 1:18:18 AM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2013-1896 |
mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI. Published: July 10, 2013; 4:55:01 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2013-1862 |
mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator. Published: June 10, 2013; 1:55:01 PM -0400 |
V3.x:(not available) V2.0: 5.1 MEDIUM |
CVE-2012-4558 |
Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string. Published: February 26, 2013; 11:55:01 AM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2012-3499 |
Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules. Published: February 26, 2013; 11:55:01 AM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2012-2687 |
Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list. Published: August 22, 2012; 3:55:01 PM -0400 |
V3.x:(not available) V2.0: 2.6 LOW |