Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:apache:http_server:2.1.7:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2009-0796 |
Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI. Published: April 07, 2009; 7:30:00 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 2.6 LOW |
CVE-2008-2384 |
SQL injection vulnerability in mod_auth_mysql.c in the mod-auth-mysql (aka libapache2-mod-auth-mysql) module for the Apache HTTP Server 2.x, when configured to use a multibyte character set that allows a \ (backslash) as part of the character encoding, allows remote attackers to execute arbitrary SQL commands via unspecified inputs in a login request. Published: January 22, 2009; 1:30:00 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2008-2168 |
Cross-site scripting (XSS) vulnerability in Apache 2.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded URLs that are not properly handled when displaying the 403 Forbidden error page. Published: May 13, 2008; 5:20:00 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2007-6203 |
Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918. Published: December 03, 2007; 5:46:00 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2007-4723 |
Directory traversal vulnerability in Ragnarok Online Control Panel 4.3.4a, when the Apache HTTP Server is used, allows remote attackers to bypass authentication via directory traversal sequences in a URI that ends with the name of a publicly available page, as demonstrated by a "/...../" sequence and an account_manage.php/login.php final component for reaching the protected account_manage.php page. Published: September 05, 2007; 3:17:00 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 7.5 HIGH |