- EPSS 12.38%
- Veröffentlicht 23.04.2009 17:30:01
- Zuletzt bearbeitet 16.06.2026 23:06:42
mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request.
CVE-2008-2939
- EPSS 38.95%
- Veröffentlicht 06.08.2008 18:41:00
- Zuletzt bearbeitet 16.06.2026 22:54:46
Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary we...
- EPSS 12.71%
- Veröffentlicht 13.06.2008 18:41:00
- Zuletzt bearbeitet 16.06.2026 22:53:38
The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service...
CVE-2008-2168
- EPSS 54.85%
- Veröffentlicht 13.05.2008 21:20:00
- Zuletzt bearbeitet 16.06.2026 22:53:13
Cross-site scripting (XSS) vulnerability in Apache 2.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded URLs that are not properly handled when displaying the 403 Forbidden error page.
CVE-2008-0455
- EPSS 64.77%
- Veröffentlicht 25.01.2008 01:00:00
- Zuletzt bearbeitet 16.06.2026 22:49:40
Cross-site scripting (XSS) vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated use...
CVE-2008-0456
- EPSS 19.04%
- Veröffentlicht 25.01.2008 01:00:00
- Zuletzt bearbeitet 16.06.2026 22:49:40
CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject...
CVE-2007-6420
- EPSS 9.11%
- Veröffentlicht 12.01.2008 00:46:00
- Zuletzt bearbeitet 16.06.2026 22:48:01
Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors.
CVE-2007-6423
- EPSS 3.9%
- Veröffentlicht 12.01.2008 00:46:00
- Zuletzt bearbeitet 16.06.2026 22:48:02
Unspecified vulnerability in mod_proxy_balancer for Apache HTTP Server 2.2.x before 2.2.7-dev, when running on Windows, allows remote attackers to trigger memory corruption via a long URL. NOTE: the vendor could not reproduce this issue
CVE-2008-0005
- EPSS 14.61%
- Veröffentlicht 12.01.2008 00:46:00
- Zuletzt bearbeitet 16.06.2026 22:48:44
mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.
CVE-2007-6421
- EPSS 8.32%
- Veröffentlicht 08.01.2008 19:46:00
- Zuletzt bearbeitet 16.06.2026 22:48:02
Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the U...