5742 matches found
httpd mod_status XSS
Cross-site scripting XSS vulnerability in modstatus.c in the modstatus module in Apache HTTP Server httpd, when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browser...
Input validation
Interpretation conflict in PHP Toolkit before 1.0.1 on Gentoo Linux might allow local users to cause a denial of service PHP outage and read contents of PHP scripts by creating a file with a one-letter lowercase alphabetic name, which triggers interpretation of a certain unquoted a-z argument as ...
CVE-2008-1734
CVE-2008-1734 affects Gentoo Linux users running the Gentoo PHP Toolkit prior to 1.0.1. The vulnerability arises from an interpretation conflict where an unquoted [a-z] argument can be treated as a shell glob instead of a literal string, allowing local users to cause a Denial of Service (PHP outa...
CVE-2008-1734
Interpretation conflict in PHP Toolkit before 1.0.1 on Gentoo Linux might allow local users to cause a denial of service PHP outage and read contents of PHP scripts by creating a file with a one-letter lowercase alphabetic name, which triggers interpretation of a certain unquoted a-z argument as ...
[SECURITY] Fedora 8 Update: httpd-2.2.8-1.fc8
The Apache HTTP Server is a powerful, efficient, and extensible web server...
[SECURITY] Fedora 7 Update: httpd-2.2.8-1.fc7
The Apache HTTP Server is a powerful, efficient, and extensible web server...
Apache mod_negotiation模块HTML注入及HTTP响应拆分漏洞
BUGTRAQ ID: 27409 Apache HTTP Server是一款流行的Web服务器。 Apache的Modnegotiation没有正确地过滤406 Not Acceptable响应和300 Multiple Choices消息体中的文件名,这可能导致跨站脚本攻击;此外由于也未经过滤便发送了文件名列表,因此如果文件名中包含有换行符的话还可能导致HTTP响应拆分。 I. 跨站脚本 假设启用了modnegotiation模块,且攻击者可以上传带有任意名称和mime扩展的文件,如以下名称的jpeg文件: img src=sa...
CVE-2008-0455
Cross-site scripting XSS vulnerability in the modnegotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary web script or HTML by...
CVE-2008-0455
Cross-site scripting XSS vulnerability in the modnegotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary web script or HTML by...
CVE-2008-0456
CRLF injection vulnerability in the modnegotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP respons...
CVE-2008-0456
CRLF injection vulnerability in the modnegotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP respons...
Crlf injection
CRLF injection vulnerability in the modnegotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP respons...
CVE-2008-0455
Cross-site scripting XSS vulnerability in the modnegotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary web script or HTML by...
Cross site scripting
Cross-site scripting XSS vulnerability in the modnegotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary web script or HTML by...
CVE-2008-0455
Cross-site scripting XSS vulnerability in the modnegotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary web script or HTML by...
CVE-2008-0455
CVE-2008-0455 is an XSS vulnerability in the mod_negotiation module of Apache HTTP Server. A remote authenticated attacker can upload a file whose name contains XSS sequences and a file extension, causing arbitrary script/HTML to be injected into HTTP responses (notably for 406 Not Acceptable or ...
CVE-2008-0456
CVE-2008-0456 : CRLF injection in the mod_negotiation module of Apache HTTP Server (versions 2.2.x up to 2.2.6, 2.0.x up to 2.0.61, and 1.3.x up to 1.3.39) allows remote authenticated users to upload a file with a multi-line name containing HTTP header sequences, enabling injection into HTTP resp...
CVE-2008-0456
CRLF injection vulnerability in the modnegotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP respons...
Moderate: Red Hat Security Advisory: httpd security update
Updated Apache httpd packages that correct several security issues are now available for Red Hat Application Stack v2. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular and freely-available Web server. These...
httpd, mod_ssl security update
CentOS Errata and Security Advisory CESA-2008:0008 Updated Apache httpd packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a...