dja2TaqkGEEfA45

6 exploits Active since Jul 2012
CVE-2021-30641 NOMISEC MEDIUM
Apache HTTP Server <2.4.47 - Path Traversal
Apache HTTP Server versions 2.4.39 to 2.4.46 Unexpected matching behavior with 'MergeSlashes OFF'
CVSS 5.3
CVE-2021-34496 NOMISEC MEDIUM
Windows GDI - Information Disclosure
Windows GDI Information Disclosure Vulnerability
CVSS 5.5
CVE-2021-3516 NOMISEC HIGH
xmllint < 2.9.11 - Use-After-Free
There's a flaw in libxml2's xmllint in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by xmllint could trigger a use-after-free. The greatest impact of this flaw is to confidentiality, integrity, and availability.
CVSS 7.8
CVE-2021-26690 NOMISEC HIGH
Apache HTTP Server 2.4.0-2.4.46 - Denial of Service via Crafted Cookie Header in mod_session
Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Cookie header handled by mod_session can cause a NULL pointer dereference and crash, leading to a possible Denial Of Service
CVSS 7.5
CVE-2021-26691 NOMISEC CRITICAL
Apache HTTP Server 2.4.0-2.4.46 - Heap-based Buffer Overflow via SessionHeader
In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overflow
CVSS 9.8
CVE-2012-1870 NOMISEC
Microsoft Windows - Exposure of Sensitive Information via TLS CBC Mode
The CBC mode in the TLS protocol, as used in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and other products, allows remote web servers to obtain plaintext data by triggering multiple requests to a third-party HTTPS server and sniffing the network during the resulting HTTPS session, aka "TLS Protocol Vulnerability."