Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
apache http server 2.1.1 vulnerabilities and exploits
(subscribe to this query)
10
CVSSv2
CVE-2017-12635
Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB prior to 1.7.0 and 2.x prior to 2.1.1 to submit _users documents with duplicate keys for 'roles' used for access control within the database, including ...
Apache Couchdb
Apache Couchdb 2.0.0
2 EDB exploits
6 Github repositories
9
CVSSv2
CVE-2017-12636
CouchDB administrative users can configure the database server via HTTP(S). Some of the configuration options include paths for operating system-level binaries that are subsequently launched by CouchDB. This allows an admin user in Apache CouchDB prior to 1.7.0 and 2.x prior to 2...
Apache Couchdb
Apache Couchdb 2.0.0
2 EDB exploits
5 Github repositories
7.5
CVSSv2
CVE-2022-22965
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e....
Vmware Spring Framework
Cisco Cx Cloud Agent
Oracle Sd-wan Edge 9.0
Oracle Retail Xstore Point Of Service 20.0.1
Oracle Communications Cloud Native Core Security Edge Protection Proxy 1.7.0
Oracle Financial Services Analytical Applications Infrastructure 8.1.1
Oracle Sd-wan Edge 9.1
Siemens Siveillance Identity 1.6
Siemens Siveillance Identity 1.5
Siemens Sipass Integrated 2.85
Siemens Sipass Integrated 2.80
Oracle Product Lifecycle Analytics 3.6.1
Oracle Financial Services Enterprise Case Management 8.1.1.0
Oracle Financial Services Enterprise Case Management 8.1.1.1
Oracle Financial Services Behavior Detection Platform 8.1.2.0
Oracle Financial Services Behavior Detection Platform 8.1.1.1
Oracle Financial Services Behavior Detection Platform 8.1.1.0
Oracle Communications Cloud Native Core Console 1.9.0
Oracle Communications Cloud Native Core Policy 1.15.0
Oracle Communications Cloud Native Core Unified Data Repository 1.15.0
Oracle Communications Cloud Native Core Unified Data Repository 22.1.0
Oracle Communications Cloud Native Core Security Edge Protection Proxy 22.1.0
174 Github repositories
7 Articles
6.8
CVSSv2
CVE-2017-9805
The REST Plugin in Apache Struts 2.1.1 up to and including 2.3.x prior to 2.3.34 and 2.5.x prior to 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to Remote Code Execution when deserializing XML payloads.
Apache Struts 2.1.8
Apache Struts 2.1.8.1
Apache Struts 2.3.1.2
Apache Struts 2.3.3
Apache Struts 2.3.14.2
Apache Struts 2.3.14.3
Apache Struts 2.3.16.2
Apache Struts 2.3.16.3
Apache Struts 2.3.28
Apache Struts 2.3.28.1
Apache Struts 2.5.3
Apache Struts 2.5.4
Apache Struts 2.5.10.1
Apache Struts 2.5.11
Apache Struts 2.1.2
Apache Struts 2.2.1
Apache Struts 2.2.1.1
Apache Struts 2.3.4
Apache Struts 2.3.4.1
Apache Struts 2.3.15
Apache Struts 2.3.15.1
Apache Struts 2.3.20
1 EDB exploit
20 Github repositories
3 Articles
6.8
CVSSv2
CVE-2006-4154
Format string vulnerability in the mod_tcl module 1.0 for Apache 2.x allows context-dependent malicious users to execute arbitrary code via format string specifiers that are not properly handled in a set_var function call in (1) tcl_cmds.c and (2) tcl_core.c.
Apache Http Server 2.0.28
Apache Http Server 2.0.32
Apache Http Server 2.0.39
Apache Http Server 2.0.40
Apache Http Server 2.0.48
Apache Http Server 2.0.49
Apache Http Server 2.0.56
Apache Http Server 2.0.57
Apache Http Server 2.1.3
Apache Http Server 2.1.4
Apache Http Server 2.1.5
Apache Http Server 2.0.37
Apache Http Server 2.0.38
Apache Http Server 2.0.46
Apache Http Server 2.0.47
Apache Http Server 2.0.54
Apache Http Server 2.0.55
Apache Http Server 2.1.1
Apache Http Server 2.1.2
Apache Http Server 2.2.3
Apache Http Server 2.0
Apache Http Server 2.0.35
5
CVSSv2
CVE-2012-0256
Apache Traffic Server 2.0.x and 3.0.x prior to 3.0.4 and 3.1.x prior to 3.1.3 does not properly allocate heap memory, which allows remote malicious users to cause a denial of service (daemon crash) via a long HTTP Host header.
Apache Traffic Server 3.1.1
Apache Traffic Server 3.1.0
Apache Traffic Server 2.1.7
Apache Traffic Server 2.1.6
Apache Traffic Server 2.0.1
Apache Traffic Server 2.0.0
Apache Traffic Server 3.0.3
Apache Traffic Server 3.0.2
Apache Traffic Server 2.1.5
Apache Traffic Server 2.1.4
Apache Traffic Server 3.0.1
Apache Traffic Server 3.0.0
Apache Traffic Server 2.1.3
Apache Traffic Server 2.1.2
Apache Traffic Server 3.1.2
Apache Traffic Server 2.1.9
Apache Traffic Server 2.1.8
Apache Traffic Server 2.1.1
Apache Traffic Server 2.1.0
5
CVSSv2
CVE-2007-6750
The Apache HTTP Server 1.x and 2.x allows remote malicious users to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtimeout module in versions prior to 2.2.15.
Apache Http Server 1.3.18
Apache Http Server 1.3.17
Apache Http Server 1.3.22
Apache Http Server 1.3.23
Apache Http Server 1.2
Apache Http Server 1.3.16
Apache Http Server 1.3.15
Apache Http Server 1.0.2
Apache Http Server 1.3.34
Apache Http Server 1.3.36
Apache Http Server 1.3.0
Apache Http Server 1.3.38
Apache Http Server 1.3.42
Apache Http Server 1.3.2
Apache Http Server 1.0
Apache Http Server 1.1
Apache Http Server 1.3.1
Apache Http Server 1.3.11
Apache Http Server 1.3.30
Apache Http Server 1.3.31
Apache Http Server 1.3.5
Apache Http Server 1.4.0
1 Nmap script
17 Github repositories
5
CVSSv2
CVE-2010-1870
The OGNL extensive expression evaluation capability in XWork in Struts 2.0.0 up to and including 2.1.8.1, as used in Atlassian Fisheye, Crucible, and possibly other products, uses a permissive whitelist, which allows remote malicious users to modify server-side context objects an...
Apache Struts 2.0.8
Apache Struts 2.0.9
Apache Struts 2.0.3
Apache Struts 2.0.11.2
Apache Struts 2.0.11.1
Apache Struts 2.0.10
Apache Struts 2.0.5
Apache Struts 2.0.2
Apache Struts 2.1.5
Apache Struts 2.1.4
Apache Struts 2.0.1
Apache Struts 2.1.3
Apache Struts 2.1.2
Apache Struts 2.0.7
Apache Struts 2.0.11
Apache Struts 2.0.14
Apache Struts 2.0.13
Apache Struts 2.1.1
Apache Struts 2.1.0
Apache Struts 2.0.0
Apache Struts 2.0.6
Apache Struts 2.0.4
2 EDB exploits
1 Article
4.3
CVSSv2
CVE-2008-2168
Cross-site scripting (XSS) vulnerability in Apache 2.2.6 and previous versions allows remote malicious users to inject arbitrary web script or HTML via UTF-7 encoded URLs that are not properly handled when displaying the 403 Forbidden error page.
Apache Http Server 2.0.28
Apache Http Server 2.0
Apache Http Server 2.0.37
Apache Http Server 2.0.32
Apache Http Server 2.0.39
Apache Http Server 2.0.40
Apache Http Server 2.0.41
Apache Http Server 2.0.48
Apache Http Server 2.0.49
Apache Http Server 2.0.56
Apache Http Server 2.0.57
Apache Http Server 2.1.2
Apache Http Server 2.1.3
Apache Http Server 2.2.1
Apache Http Server 2.2.2
Apache Http Server 2.0.34
Apache Http Server 2.0.42
Apache Http Server 2.0.43
Apache Http Server 2.0.50
Apache Http Server 2.0.51
Apache Http Server 2.0.58
Apache Http Server 2.0.59
1 EDB exploit
4.3
CVSSv2
CVE-2007-6203
Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components...
Apache Http Server 2.0.51
Apache Http Server 2.0.52
Apache Http Server 2.1.2
Apache Http Server 2.1.3
Apache Http Server 2.2.2
Apache Http Server 2.2.3
Apache Http Server 2.0.46
Apache Http Server 2.0.53
Apache Http Server 2.0.54
Apache Http Server 2.0.55
Apache Http Server 2.1.4
Apache Http Server 2.1.5
Apache Http Server 2.2.4
Apache Http Server 2.0.47
Apache Http Server 2.0.48
Apache Http Server 2.0.57
Apache Http Server 2.0.58
Apache Http Server 2.1.6
Apache Http Server 2.1.7
Apache Http Server 2.0.49
Apache Http Server 2.0.50
Apache Http Server 2.0.59
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-52710
arbitrary
CVE-2024-5272
CVE-2024-2961
brute force
remote
CVE-2024-32944
CVE-2024-36241
CVE-2024-5274
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started