Filtered by vendor Redhat Subscriptions
Filtered by product Certificate System Subscriptions
Total 66 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2008-2364 4 Apache, Canonical, Fedoraproject and 1 more 9 Http Server, Ubuntu Linux, Fedora and 6 more 2025-04-09 N/A
The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.
CVE-2008-2370 2 Apache, Redhat 7 Tomcat, Certificate System, Enterprise Linux and 4 more 2025-04-09 N/A
Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.
CVE-2007-3304 4 Apache, Canonical, Fedoraproject and 1 more 11 Http Server, Ubuntu Linux, Fedora and 8 more 2025-04-09 N/A
Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer."
CVE-2007-3385 2 Apache, Redhat 7 Tomcat, Certificate System, Enterprise Linux and 4 more 2025-04-09 N/A
Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.
CVE-2007-6388 2 Apache, Redhat 6 Http Server, Certificate System, Enterprise Linux and 3 more 2025-04-09 N/A
Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2004-2761 2 Ietf, Redhat 3 Md5, X.509 Certificate, Certificate System 2025-04-09 N/A
The MD5 Message-Digest Algorithm is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of MD5 in the signature algorithm of an X.509 certificate.
CVE-2007-1349 3 Apache, Canonical, Redhat 12 Mod Perl, Ubuntu Linux, Certificate System and 9 more 2025-04-09 N/A
PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.
CVE-2006-5752 4 Apache, Canonical, Fedoraproject and 1 more 12 Http Server, Ubuntu Linux, Fedora and 9 more 2025-04-09 N/A
Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified.
CVE-2007-0450 2 Apache, Redhat 8 Http Server, Tomcat, Certificate System and 5 more 2025-04-09 N/A
Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.
CVE-2007-4465 2 Apache, Redhat 6 Http Server, Certificate System, Enterprise Linux and 3 more 2025-04-09 6.1 Medium
Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.
CVE-2007-1863 3 Apache, Apple, Redhat 5 Http Server, Mac Os X Server, Certificate System and 2 more 2025-04-09 N/A
cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.
CVE-2007-3382 2 Apache, Redhat 7 Tomcat, Certificate System, Enterprise Linux and 4 more 2025-04-09 N/A
Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.
CVE-2007-3847 4 Apache, Canonical, Fedoraproject and 1 more 7 Http Server, Ubuntu Linux, Fedora and 4 more 2025-04-09 N/A
The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.
CVE-2008-1232 2 Apache, Redhat 7 Tomcat, Certificate System, Enterprise Linux and 4 more 2025-04-09 N/A
Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.
CVE-2005-2090 2 Apache, Redhat 7 Tomcat, Certificate System, Enterprise Linux and 4 more 2025-04-03 N/A
Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Tomcat to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
CVE-2005-3510 2 Apache, Redhat 4 Tomcat, Certificate System, Network Satellite and 1 more 2025-04-03 N/A
Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files.
CVE-2006-3835 2 Apache, Redhat 4 Tomcat, Certificate System, Network Satellite and 1 more 2025-04-03 N/A
Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (;) preceding a filename with a mapped extension, as demonstrated by URLs ending with /;index.jsp and /;help.do.
CVE-2006-3918 4 Apache, Canonical, Debian and 1 more 9 Http Server, Ubuntu Linux, Debian Linux and 6 more 2025-04-03 N/A
http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.
CVE-2022-2414 2 Dogtagpki, Redhat 7 Dogtagpki, Certificate System, Enterprise Linux and 4 more 2024-11-21 7.5 High
Access to external entities when parsing XML documents can lead to XML external entity (XXE) attacks. This flaw allows a remote attacker to potentially retrieve the content of arbitrary files by sending specially crafted HTTP requests.
CVE-2022-2393 2 Pki-core Project, Redhat 4 Pki-core, Certificate System, Enterprise Linux and 1 more 2024-11-21 5.7 Medium
A flaw was found in pki-core, which could allow a user to get a certificate for another user identity when directory-based authentication is enabled. This flaw allows an authenticated attacker on the adjacent network to impersonate another user within the scope of the domain, but they would not be able to decrypt message content.