Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

apache test vulnerabilities and exploits

(subscribe to this query)
5
CVSSv2
CVE-2010-4094
The Tomcat server in IBM Rational Quality Manager and Rational Test Lab Manager has a default password for the ADMIN account, which makes it easier for remote malicious users to execute arbitrary code by leveraging access to the manager role. NOTE: this might overlap CVE-2009-354...
Ibm Rational Test Lab ManagerIbm Rational Quality Manager
7.5
CVSSv2
CVE-1999-0045
List of arbitrary files on Web host via nph-test-cgi script.
Netscape Communications Server 1.1Apache Http Server 1.0.5Apache Http Server 0.8.11Netscape Enterprise Server 2.0aApache Http Server 1.0.2Apache Http Server 1.1Apache Http Server 1.0Apache Http Server 1.0.3Apache Http Server 0.8.14Netscape Communications Server 1.12Netscape Commerce Server 1.12
5
CVSSv2
CVE-1999-0070
test-cgi program allows an malicious user to list files on the server.
Apache Http Server
7.5
CVSSv2
CVE-2019-0187
Unauthenticated RCE is possible when JMeter is used in distributed mode (-r or -R command line options). Attacker can establish a RMI connection to a jmeter-server using RemoteJMeterEngine and proceed with an attack using untrusted data deserialization. This only affect tests run...
Apache Jmeter 5.0Apache Jmeter 4.0
7.5
CVSSv2
CVE-2018-1297
When using Distributed Test only (RMI based), Apache JMeter 2.x and 3.x uses an unsecured RMI connection. This could allow an malicious user to get Access to JMeterEngine and send unauthorized code.
Apache Jmeter 2.10Apache Jmeter 2.11Apache Jmeter 2.12Apache Jmeter 2.13Apache Jmeter 2.3.3Apache Jmeter 2.3.4Apache Jmeter 2.5.1Apache Jmeter 2.5Apache Jmeter 2.6Apache Jmeter 2.7Apache Jmeter 2.8Apache Jmeter 2.9Apache Jmeter 3.0Apache Jmeter 3.2Apache Jmeter 3.3Apache Jmeter 3.1Apache Jmeter 2.1Apache Jmeter 2.2Apache Jmeter 2.3Apache Jmeter 2.4Apache Jmeter 2.3.1Apache Jmeter 2.3.2
7.5
CVSSv2
CVE-2018-1287
In Apache JMeter 2.X and 3.X, when using Distributed Test only (RMI based), jmeter server binds RMI Registry to wildcard host. This could allow an malicious user to get Access to JMeterEngine and send unauthorized code.
Apache Jmeter 2.10Apache Jmeter 2.11Apache Jmeter 2.12Apache Jmeter 2.13Apache Jmeter 2.3.3Apache Jmeter 2.3.4Apache Jmeter 2.5.1Apache Jmeter 2.5Apache Jmeter 2.6Apache Jmeter 2.7Apache Jmeter 2.8Apache Jmeter 2.9Apache Jmeter 3.0Apache Jmeter 3.2Apache Jmeter 3.3Apache Jmeter 3.1Apache Jmeter 2.1Apache Jmeter 2.2Apache Jmeter 2.3Apache Jmeter 2.4Apache Jmeter 2.3.1Apache Jmeter 2.3.2
4.3
CVSSv2
CVE-2012-5650
Cross-site scripting (XSS) vulnerability in the Futon UI in Apache CouchDB prior to 1.0.4, 1.1.x prior to 1.1.2, and 1.2.x prior to 1.2.1 allows remote malicious users to inject arbitrary web script or HTML via unspecified parameters to the browser-based test suite.
Apache Couchdb 1.0.2Apache Couchdb 1.1.0Apache Couchdb 1.0.1Apache Couchdb 1.0.0Apache Couchdb 1.2.0Apache CouchdbApache Couchdb 1.1.1
4.3
CVSSv2
CVE-2007-1355
Multiple cross-site scripting (XSS) vulnerabilities in the appdev/sample/web/hello.jsp example application in Tomcat 4.0.0 up to and including 4.0.6, 4.1.0 up to and including 4.1.36, 5.0.0 up to and including 5.0.30, 5.5.0 up to and including 5.5.23, and 6.0.0 up to and includin...
Apache Tomcat 4.0.4Apache Tomcat 5.0.8Apache Tomcat 5.0.19Apache Tomcat 6.0.6Apache Tomcat 5.0.14Apache Tomcat 4.1.24Apache Tomcat 5.0.22Apache Tomcat 5.0.7Apache Tomcat 6.0.7Apache Tomcat 6.0.4Apache Tomcat 5.0.9Apache Tomcat 5.0.15Apache Tomcat 5.0.30Apache Tomcat 5.0.23Apache Tomcat 5.0.2Apache Tomcat 5.0.10Apache Tomcat 5.0.21Apache Tomcat 5.0.26Apache Tomcat 6.0.10Apache Tomcat 6.0.3Apache Tomcat 5.0.6Apache Tomcat 6.0.9
5
CVSSv2
CVE-2002-2007
The default installations of Apache Tomcat 3.2.3 and 3.2.4 allows remote malicious users to obtain sensitive system information such as directory listings and web root path, via erroneous HTTP requests for Java Server Pages (JSP) in the (1) test/jsp, (2) samples/jsp and (3) examp...
Apache Tomcat 3.2.4Apache Tomcat 3.2.3
7.5
CVSSv2
CVE-2017-7676
Policy resource matcher in Apache Ranger prior to 0.7.1 ignores characters after '*' wildcard character - like my*test, test*.txt. This can result in unintended behavior.
Apache Ranger
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injectionfirmwareCVE-2006-4304CVE-2024-32878CVE-2024-31502XSSCVE-2024-3059CVE-2024-33692CVE-2024-3400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook