Max CVSS | 6.8 | Min CVSS | 4.3 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2017-12615 | 6.8 |
When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP
|
16-07-2024 - 17:58 | 19-09-2017 - 13:29 | |
CVE-2017-12617 | 6.8 |
When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload
|
16-07-2024 - 17:58 | 04-10-2017 - 01:29 | |
CVE-2016-2183 | 5.0 |
The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birth
|
12-02-2023 - 23:17 | 01-09-2016 - 00:59 | |
CVE-2017-9798 | 5.0 |
Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. This affects the Apache HTTP Server through 2
|
06-06-2021 - 11:15 | 18-09-2017 - 15:29 | |
CVE-2017-9788 | 6.4 |
In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by mod_auth_digest. Providing an initial ke
|
06-06-2021 - 11:15 | 13-07-2017 - 16:29 | |
CVE-2015-3185 | 4.3 |
The ap_some_auth_required function in server/request.c in the Apache HTTP Server 2.4.x before 2.4.14 does not consider that a Require directive may be associated with an authorization setting rather than an authentication setting, which allows remote
|
06-06-2021 - 11:15 | 20-07-2015 - 23:59 |