GeneralInformation

Hostnames	ns5030904.ip-15-235-219.net api.sarasavi.lk
Domains	ip-15-235-219.net sarasavi.lk
Country	Singapore
City	Singapore
Organization	OVH Singapore PTE. LTD
ISP	OVH SAS
ASN	AS16276

WebTechnologies

JavaScript graphics

dc.js

JavaScript libraries

dc.js

Vulnerabilities

Note: the device may not be impacted by all of these issues. The vulnerabilities are implied based on the software and version.

2024(46)

CVE-2024-21247

3.8Vulnerability in the MySQL Client product of Oracle MySQL (component: Client: mysqldump). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Client accessible data as well as unauthorized read access to a subset of MySQL Client accessible data. CVSS 3.1 Base Score 3.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N).

CVE-2024-21241

4.9Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CVE-2024-21239

4.9Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CVE-2024-21238

5.3Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Thread Pooling). Supported versions that are affected are 8.0.39 and prior, 8.4.1 and prior and 9.0.1 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).

CVE-2024-21237

2.2Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication GCS). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 2.2 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L).

CVE-2024-21236

CVE-2024-21231

3.1Vulnerability in the MySQL Server product of Oracle MySQL (component: Client programs). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L).

CVE-2024-21230

6.5Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

CVE-2024-21219

4.9Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CVE-2024-21218

CVE-2024-21213

4.2Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.2 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H).

CVE-2024-21212

4.4Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Health Monitor). Supported versions that are affected are 8.0.39 and prior and 8.4.0. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).

CVE-2024-21207

4.9Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.38 and prior, 8.4.1 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CVE-2024-21203

4.9Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CVE-2024-21201

CVE-2024-21199

CVE-2024-21198

4.9Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CVE-2024-21197

4.9Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CVE-2024-21196

6.5Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: X Plugin). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

CVE-2024-21194

CVE-2024-21193

4.9Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CVE-2024-21173

4.9Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CVE-2024-21171

6.5Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

CVE-2024-21166

5.9Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.9 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H).

CVE-2024-21165

4.9Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Pluggable Auth). Supported versions that are affected are 8.0.37 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CVE-2024-21163

5.5Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).

CVE-2024-21162

4.9Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CVE-2024-21160

4.9Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CVE-2024-21159

CVE-2024-21157

4.9Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.36 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CVE-2024-21142

4.9Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CVE-2024-21135

4.9Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CVE-2024-21134

4.3Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Connection Handling). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L).

CVE-2024-21130

CVE-2024-21129

4.9Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CVE-2024-21127

CVE-2024-21125

4.9Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CVE-2024-21102

4.9Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Thread Pooling). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CVE-2024-21101

2.2Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.5.33 and prior, 7.6.29 and prior, 8.0.36 and prior and 8.3.0 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Cluster. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Cluster accessible data. CVSS 3.1 Base Score 2.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N).

CVE-2024-21096

4.9Vulnerability in the MySQL Server product of Oracle MySQL (component: Client: mysqldump). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L).

CVE-2024-21090

7.5Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/Python). Supported versions that are affected are 8.3.0 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

CVE-2024-21087

4.9Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CVE-2024-21069

4.9Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

2013(4)

7.5Heap-based buffer overflow in the fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.9 for the Apache HTTP Server allows remote attackers to have an unspecified impact via unknown vectors.

CVE-2013-2765

5.0The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted Content-Type header.

CVE-2013-0942

4.3Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Agent 7.1 before 7.1.1 for Web for Internet Information Services, and 7.1 before 7.1.1 for Web for Apache, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVE-2013-0941

2.1EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Windows use an improper encryption algorithm and a weak key for maintaining the stored data of the node secret for the SecurID Authentication API, which allows local users to obtain sensitive information via cryptographic attacks on this data.

2012(3)

CVE-2012-4360

4.3Cross-site scripting (XSS) vulnerability in the mod_pagespeed module 0.10.19.1 through 0.10.22.4 for the Apache HTTP Server allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVE-2012-4001

5.0The mod_pagespeed module before 0.10.22.6 for the Apache HTTP Server does not properly verify its host name, which allows remote attackers to trigger HTTP requests to arbitrary hosts via unspecified vectors, as demonstrated by requests to intranet servers.

CVE-2012-3526

5.0The reverse proxy add forward module (mod_rpaf) 0.5 and 0.6 for the Apache HTTP Server allows remote attackers to cause a denial of service (server or application crash) via multiple X-Forwarded-For headers in a request.

2011(2)

CVE-2011-2688

7.5SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_external module 3.2.5 and earlier for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the user field.

CVE-2011-1176

4.3The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileges by leveraging the root uid and root gid of an mpm-itk process.

2009(2)

CVE-2009-2299

5.0The Artofdefence Hyperguard Web Application Firewall (WAF) module before 2.5.5-11635, 3.0 before 3.0.3-11636, and 3.1 before 3.1.1-11637, a module for the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via an HTTP request with a large Content-Length value but no POST data.

CVE-2009-0796

2.6Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI.

2007(1)

CVE-2007-4723

7.5Directory traversal vulnerability in Ragnarok Online Control Panel 4.3.4a, when the Apache HTTP Server is used, allows remote attackers to bypass authentication via directory traversal sequences in a URI that ends with the name of a publicly available page, as demonstrated by a "/...../" sequence and an account_manage.php/login.php final component for reaching the protected account_manage.php page.

OpenPorts

80 443 3000 3306 8081 9100

80 / tcp

1637199859 | 2025-04-09T00:43:18.435903

Hashes

hash

670429297

http.dom_hash

-2049760045

http.html_hash

1637199859

http.server_hash

869690771

http.title_hash

911614014

Welcome to nginx!

HTTP/1.1 200 OK
Date: Wed, 09 Apr 2025 00:43:18 GMT
Server: Apache
Upgrade: h2
Connection: Upgrade, close
Last-Modified: Thu, 31 Oct 2024 17:03:06 GMT
ETag: "267-625c8caccd4e3"
Accept-Ranges: bytes
Content-Length: 615
Vary: Accept-Encoding
Content-Type: text/html

443 / tcp

332842319 | 2025-03-18T09:17:20.272541

Hashes

hash

1108206342

http.dom_hash

-1497352626

http.html_hash

332842319

http.robots_hash

1714206274

http.server_hash

1305632269

http.title_hash

870307108

Laravel

HTTP/1.1 200 OK
Date: Tue, 18 Mar 2025 09:17:19 GMT
Server: Apache/2.4.62 (Debian)
Cache-Control: no-cache, private
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Set-Cookie: XSRF-TOKEN=eyJpdiI6IldwZVR4U0JCcURES3BQdXJxOG1pMHc9PSIsInZhbHVlIjoieVFtcWNMMnZqWTc1T2p6QUlTTnF2S0tDRU9iakhwTldSdmpzbmNuVTBUZHZLT3BrWUh4QUdZYzkyeTdXQVFBbnQyVkEwUXlxbnh4YU1sbjRTSWNCdTMyS2hMeVA3RTcxclJQT3g0dnVLeXl1cnVDWlovdlZoKzRONTc2UVVXTUMiLCJtYWMiOiI2NmZiMDIxZmY4NjA3NzcyZjFlMzE5NDFjMGE1NDkyOTZiY2FmNWNmZjhlNzQ1MmVmYjY2MGI5MzQxNTQyMDAzIiwidGFnIjoiIn0%3D; expires=Tue, 18 Mar 2025 11:17:19 GMT; Max-Age=7200; path=/; samesite=lax
Set-Cookie: sarasavi_session=eyJpdiI6IitXTzVybFB1b1FLeTZTRHhhZmpRb0E9PSIsInZhbHVlIjoiYkhuZHVteEtkREFQUUZjQTlIdEVra0ljMFdpbVNjRWVCVGtXVFZBT1czK2t4cnZJNTF3QmhlYUhSdzZRR2tNQ2M3RWxqblVpd3hKY0NPS2pkZ09HUEhIYVJ2Y1kzY05sYUxiNWJhQVJsamxuN0c3THlOc00vRUJJa3dXUmtRZVAiLCJtYWMiOiJiZDc1ZDBmYmIzMzkyYjg4YWRhOTQwNGU5ZTRmOWZjNDhjZmNhMjVhOTA2YjAwODdmYmM5YjMxMmFkN2U1NWVlIiwidGFnIjoiIn0%3D; expires=Tue, 18 Mar 2025 11:17:19 GMT; Max-Age=7200; path=/; httponly; samesite=lax
Connection: close
Transfer-Encoding: chunked

SSL Certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:f6:cc:27:f5:2b:47:5e:71:40:84:d3:6b:e0:36:b2:36:ad
        Signature Algorithm: ecdsa-with-SHA384
        Issuer: C=US, O=Let's Encrypt, CN=E6
        Validity
            Not Before: Jan 29 02:31:55 2025 GMT
            Not After : Apr 29 02:31:54 2025 GMT
        Subject: CN=api.sarasavi.lk
        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (256 bit)
                pub:
                    04:21:9c:5e:ea:fe:d8:74:81:bc:b2:96:4b:79:fc:
                    5c:b4:5b:28:0e:ba:63:21:77:16:6f:c6:b6:72:22:
                    da:81:88:a1:37:0b:ff:6a:b7:fc:89:4a:66:71:a6:
                    5c:9c:27:55:0b:5b:e0:c0:5b:a3:5a:26:ff:68:ce:
                    65:89:21:1b:17
                ASN1 OID: prime256v1
                NIST CURVE: P-256
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Subject Key Identifier: 
                3E:22:16:B9:E8:69:48:CD:AA:92:A5:1B:46:2E:87:13:2E:4F:54:9F
            X509v3 Authority Key Identifier: 
                93:27:46:98:03:A9:51:68:8E:98:D6:C4:42:48:DB:23:BF:58:94:D2
            Authority Information Access: 
                OCSP - URI:http://e6.o.lencr.org
                CA Issuers - URI:http://e6.i.lencr.org/
            X509v3 Subject Alternative Name: 
                DNS:api.sarasavi.lk
            X509v3 Certificate Policies: 
                Policy: 2.23.140.1.2.1
            CT Precertificate SCTs: 
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : CC:FB:0F:6A:85:71:09:65:FE:95:9B:53:CE:E9:B2:7C:
                                22:E9:85:5C:0D:97:8D:B6:A9:7E:54:C0:FE:4C:0D:B0
                    Timestamp : Jan 29 03:30:25.568 2025 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:44:02:20:36:A9:88:DC:87:32:D3:9C:E6:50:8A:96:
                                CA:A2:D2:E4:73:8D:98:49:D9:50:4F:04:FA:43:70:0A:
                                E9:E1:F3:7B:02:20:07:3F:EF:4C:0F:2F:65:38:75:A9:
                                5B:F9:C9:99:55:6D:70:1E:25:3B:FB:39:51:B9:BF:BF:
                                EA:10:6C:FB:53:56
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 13:4A:DF:1A:B5:98:42:09:78:0C:6F:EF:4C:7A:91:A4:
                                16:B7:23:49:CE:58:57:6A:DF:AE:DA:A7:C2:AB:E0:22
                    Timestamp : Jan 29 03:30:25.779 2025 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:45:02:20:5F:DF:BC:59:78:6F:FA:4B:24:0B:47:CD:
                                5E:68:0D:A7:D8:EE:96:9F:EA:54:2C:F5:5A:28:FE:32:
                                02:D1:C1:8A:02:21:00:D5:AD:94:D0:AD:AC:C7:45:E9:
                                E5:98:C7:A8:96:0B:B3:20:E3:93:7E:9F:58:D5:EC:2C:
                                41:D3:2A:E5:E1:BB:26
    Signature Algorithm: ecdsa-with-SHA384
    Signature Value:
        30:66:02:31:00:9c:5f:a0:10:9d:29:59:c5:5a:d2:6e:a7:c0:
        31:d4:48:ce:01:4a:9f:b4:f9:5d:b9:aa:2c:32:70:1d:04:5c:
        92:de:07:8f:1d:5e:4e:45:1d:4b:bc:da:96:c4:cc:a3:fe:02:
        31:00:b6:d7:ca:e0:09:7d:fe:11:f5:26:dd:87:96:87:ca:22:
        ff:fa:92:d6:75:ae:f4:81:13:b7:ba:35:17:6f:97:2c:ca:e7:
        6a:78:bd:2e:7b:fc:97:a9:9c:fb:bf:d5:df:1f

Vulnerabilities

3 7 2

3000 / tcp

-606173770 | 2025-04-08T04:07:55.215061

Hashes

hash

-2120470571

http.dom_hash

1598069939

http.favicon.hash

-1497918943

http.html_hash

-606173770

http.title_hash

-310850454

Online Book Shop in Sri Lanka| Sarasavi The Bookshop

HTTP/1.1 200 OK
X-Powered-By: Next.js
Content-Type: text/html; charset=utf-8
Cache-Control: private, no-cache, no-store, max-age=0, must-revalidate
Vary: Accept-Encoding
Date: Tue, 08 Apr 2025 04:07:54 GMT
Connection: keep-alive
Keep-Alive: timeout=5
Transfer-Encoding: chunked

3306 / tcp

-327418750 | 2025-04-01T03:32:29.911242

MySQL:
  Protocol Version: 10
  Version: 8.0.36
  Capabilities: 65535
  Server Language: 45
  Server Status: 2
  Extended Server Capabilities: 57343
  Authentication Plugin: mysql_native_password

Vulnerabilities

1 41 4

8081 / tcp

512332819 | 2025-04-08T08:25:17.727967

HTTP/1.1 301 Moved Permanently
Date: Tue, 08 Apr 2025 08:25:17 GMT
Server: Apache/2.4.62 (Debian)
Location: /login
Set-Cookie: XSRF-TOKEN=eyJpdiI6IjNlU1UyMkNPMjJTVTFlOU80aVNrclE9PSIsInZhbHVlIjoiVWRnOG1INVNVMVVLZ1g0SDhNZW9sWnE2SmE4SFdQQ1NOUGF4WDVld2JVRkhySjNuNUtyTndKdXdrZlE5VEhRbUgvTkpmZEtuT0IyaVFtWkVNNWdGZ1ZjQ09sVHRyMGVwUlFIV3pIMjlTMXI3MUFkZW5VZ3kyenhoektmdzZlRHkiLCJtYWMiOiI0MjFkYzQ2OTM5YjZmZGFhYzJlZTczMDk1ODEyYjVhOWYxNDEzMzA1ZTkyZGFmN2JjNWRiZTVhMWFjNWQxY2IwIiwidGFnIjoiIn0%3D; expires=Tue, 08 Apr 2025 10:25:17 GMT; Max-Age=7200; path=/; secure; samesite=lax
Set-Cookie: sarasavi_session=eyJpdiI6ImNNSXdkaEU4MWlPVmxHbHNGOVFlOGc9PSIsInZhbHVlIjoidGRTQVEyZGVZYlpqR0x5U2FVSkh3VXczdURsa1AzZlYvU1dzS3ZabGVVbitJRk5QMFhIUHV3aWRCTXgwR1Y4UU50T1REdGdvci9vbEw4RW9Ya2NlSFU0bjF6TmZ0ZXRTa254SExhZ2NWbThEYjdCeXNBSTRkdEdST0pJSG9rMisiLCJtYWMiOiJiZWQ1YTJkYzQ5MzQxNjVkZmVjMDA4NmY0MTMwZDhiNjRkYThkMjg2ZjgxNmM4ZmMxMTNkMWE1NzdiZDljY2JmIiwidGFnIjoiIn0%3D; expires=Tue, 08 Apr 2025 10:25:17 GMT; Max-Age=7200; path=/; secure; httponly; samesite=lax
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8

10e
<!DOCTYPE html>
<html>
    <head>
        <meta charset="UTF-8" />
        <meta http-equiv="refresh" content="0;url='/login'" />

        <title>Redirecting to /login</title>
    </head>
    <body>
        Redirecting to <a href="/login">/login</a>.
    </body>
</html>

Vulnerabilities

3 7 2

9100 / tcp

-2030778729 | 2025-03-22T23:33:49.448245

HTTP/1.1 400 Bad Request
Content-Type: text/plain; charset=utf-8
Connection: close

400 Bad Request
Prometheus Node Exporter:
  node_exporter_build_info:
    branch: HEAD
    goversion: go1.17.3
    revision: a2321e7b940ddcff26873612bccdf7cd4c42b6b6
    version: 1.3.1
  node_os_info:
    id: ubuntu
    id_like: debian
    name: Ubuntu
    pretty_name: Ubuntu 24.04.1 LTS
    version: 24.04.1 LTS (Noble Numbat)
    version_codename: noble
    version_id: 24.04
  node_uname_info:
    domainname: (none)
    machine: x86_64
    nodename: sarasavi
    release: 6.8.0-48-generic
    sysname: Linux
    version: #48-Ubuntu SMP PREEMPT_DYNAMIC Fri Sep 27 14:04:52 UTC 2024
  node_dmi_info:
    bios_date: 06/12/2024
    bios_release: 5.32
    bios_vendor: American Megatrends International, LLC.
    bios_version: ES366AOC.10CT01
    board_asset_tag: To be filled by O.E.M.
    board_name: S3661
    board_vendor: MSI
    board_version: To be filled by O.E.M.
    chassis_asset_tag: To be filled by O.E.M.
    chassis_vendor: MSI
    chassis_version: To be filled by O.E.M.
    product_family: Default string
    product_name: MSIS366
    product_sku: Default string
    product_version: To be filled by O.E.M.
    system_vendor: MSI
  node_nvme_info:
    nvme1:
      device: nvme1
      firmware_revision: GDC5902Q
      model: SAMSUNG MZQL2960HCJR-00A07
      serial: S64FNT0X702104
      state: live
    nvme0:
      device: nvme0
      firmware_revision: GDC5902Q
      model: SAMSUNG MZQL2960HCJR-00A07
      serial: S64FNT0X702107
      state: live
  node_network_info:
    br-d5febb33df7d:
      address: 02:42:e0:63:66:6e
      broadcast: ff:ff:ff:ff:ff:ff
      device: br-d5febb33df7d
      duplex: unknown
      operstate: down
    docker0:
      address: 02:42:38:25:d9:b1
      broadcast: ff:ff:ff:ff:ff:ff
      device: docker0
      duplex: unknown
      operstate: down
    lo:
      address: 00:00:00:00:00:00
      broadcast: 00:00:00:00:00:00
      device: lo
      operstate: unknown
    veth069599f:
      address: 62:ff:b5:f2:15:00
      broadcast: ff:ff:ff:ff:ff:ff
      device: veth069599f
      duplex: full
      operstate: up
    enp8s0f0np0:
      address: d8:43:ae:89:77:04
      broadcast: ff:ff:ff:ff:ff:ff
      device: enp8s0f0np0
      duplex: full
      operstate: up
    br-5b1b805b1056:
      address: 02:42:86:71:ec:9c
      broadcast: ff:ff:ff:ff:ff:ff
      device: br-5b1b805b1056
      duplex: unknown
      operstate: up
    br-fba21eaa8ac2:
      address: 02:42:f4:58:56:f5
      broadcast: ff:ff:ff:ff:ff:ff
      device: br-fba21eaa8ac2
      duplex: unknown
      operstate: up
    br-a85482c5890f:
      address: 02:42:b1:87:ca:eb
      broadcast: ff:ff:ff:ff:ff:ff
      device: br-a85482c5890f
      duplex: unknown
      operstate: down
    br-cbebd7c1fe0c:
      address: 02:42:81:16:cd:04
      broadcast: ff:ff:ff:ff:ff:ff
      device: br-cbebd7c1fe0c
      duplex: unknown
      operstate: down
    br-92d2f1ae7b6a:
      address: 02:42:5b:57:db:79
      broadcast: ff:ff:ff:ff:ff:ff
      device: br-92d2f1ae7b6a
      duplex: unknown
      operstate: up
    enp8s0f1np1:
      address: d8:43:ae:89:77:05
      broadcast: ff:ff:ff:ff:ff:ff
      device: enp8s0f1np1
      operstate: down
    vetha6a8728:
      address: e6:71:d0:66:fe:2e
      broadcast: ff:ff:ff:ff:ff:ff
      device: vetha6a8728
      duplex: full
      operstate: up
    vethb69c267:
      address: d2:c7:6c:fb:47:e5
      broadcast: ff:ff:ff:ff:ff:ff
      device: vethb69c267
      duplex: full
      operstate: up
    br-c96cf8d4794f:
      address: 02:42:65:22:d8:04
      broadcast: ff:ff:ff:ff:ff:ff
      device: br-c96cf8d4794f
      duplex: unknown
      operstate: down
    veth1058281:
      address: a2:14:5c:d7:6d:27
      broadcast: ff:ff:ff:ff:ff:ff
      device: veth1058281
      duplex: full
      operstate: up

15.235.219.148

Last Seen: 2025-04-09

Tags:

GeneralInformation

WebTechnologies

Vulnerabilities

OpenPorts

80 / tcp

1637199859 | 2025-04-09T00:43:18.435903

Hashes

Apache httpd

443 / tcp

332842319 | 2025-03-18T09:17:20.272541

Hashes

Apache httpd2.4.62

3000 / tcp

-606173770 | 2025-04-08T04:07:55.215061

Hashes

3306 / tcp

-327418750 | 2025-04-01T03:32:29.911242

MySQL8.0.36

8081 / tcp

512332819 | 2025-04-08T08:25:17.727967

Apache httpd2.4.62

9100 / tcp

-2030778729 | 2025-03-22T23:33:49.448245

Prometheus Node Exporter1.3.1

Products

Pricing

Contact Us

15.235.219.148

Last Seen: 2025-04-09

Tags:

GeneralInformation

WebTechnologies

Vulnerabilities All ports Port 443 Port 3306 Port 8081 Latest CVSS

OpenPorts

80 / tcp 1637199859 | 2025-04-09T00:43:18.435903

Hashes

Apache httpd

443 / tcp 332842319 | 2025-03-18T09:17:20.272541

Hashes

Apache httpd2.4.62

3000 / tcp -606173770 | 2025-04-08T04:07:55.215061

Hashes

3306 / tcp -327418750 | 2025-04-01T03:32:29.911242

MySQL8.0.36

8081 / tcp 512332819 | 2025-04-08T08:25:17.727967

Apache httpd2.4.62

9100 / tcp -2030778729 | 2025-03-22T23:33:49.448245

Prometheus Node Exporter1.3.1

Products

Pricing

Contact Us

Vulnerabilities

80 / tcp

1637199859 | 2025-04-09T00:43:18.435903

443 / tcp

332842319 | 2025-03-18T09:17:20.272541

3000 / tcp

-606173770 | 2025-04-08T04:07:55.215061

3306 / tcp

-327418750 | 2025-04-01T03:32:29.911242

8081 / tcp

512332819 | 2025-04-08T08:25:17.727967

9100 / tcp

-2030778729 | 2025-03-22T23:33:49.448245