154 matches found
DEBIAN-CVE-2004-1438
The mod_authz_svn Apache module for Subversion 1.0.4-r1 and earlier allows remote authenticated users, with write access to the repository, to read unauthorized parts of the repository via the svn copy command...
mod_ssl SSLCipherSuite bypass
The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration...
Apache 1.3.x mod_include - Local Buffer Overflow
Apache 1.3.x mod_include - Local Buffer Overflow // source: https://www.securityfocus.com/bid/11471/info The problem presents itself when the affected module attempts to parse mod_include-specific tag values. A failure to properly validate the lengths of user-supplied tag strings before copying the...
[Full-Disclosure] iDEFENSE Security Advisory 09.29.04 - Macromedia JRun 4 mod_jrun Apache Module Buffer Overflow Vulnerability
Macromedia JRun 4 mod_jrun Apache Module Buffer Overflow Vulnerability iDEFENSE Security Advisory 09.29.04 www.idefense.com/application/poi/display?id=145&type=vulnerabilities September 29, 2004 I. BACKGROUND Macromedia JRun 4 is a full Java 2 Enterprise Edition (J2EE) compatible application server...
Debian DSA-181-1 : libapache-mod-ssl - XSS
Joe Orton discovered a cross site scripting problem in mod_ssl, an Apache module that adds Strong cryptography (i.e. HTTPS support) to the webserver. The module will return the server name unescaped in the response to an HTTP request on an SSL port. Like the other recent Apache XSS bugs, this only...
subversion -- WebDAV fails to protect metadata
In some situations, subversion metadata may be unexpectedly disclosed via WebDAV. A subversion advisory states: mod_authz_svn, the Apache httpd module which does path-based authorization on Subversion repositories, is not correctly protecting all metadata on unreadable paths. This security issue is...
Subversion: Vulnerability in mod_authz_svn
Background Subversion is an advanced version control system, similar to CVS, which supports additional functionality such as the ability to move, copy and delete files and directories. A Subversion server may be run as an Apache module, a standalone server svnserve, or on-demand over ssh a la CVS...
SUSE-SA:2003:0009: mod_php4
The remote host is missing the patch for the advisory SUSE-SA:2003:0009 mod_php4. The Apache module mod_php4 supports the widely used Web scripting language PHP. Under some special circumstances a buffer overflow can be triggered in mod_php4's wordwrap function. This buffer overflow can be used to...
mod_ssl ssl_util_uuencode_binary CA issue
Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN...
Apache mod_python Denial of Service vulnerability
Background Mod_python is an Apache module that embeds the Python interpreter within the server allowing Python-based web-applications to be created. Description The Apache Foundation has reported that mod_python may be prone to Denial of Service attacks when handling a malformed query. Mod_python...
Apache 2.0.4x mod_php - File Descriptor Leakage (2)
// source: https://www.securityfocus.com/bid/9302/info Reportedly, the Apache mod_php module may be prone to a vulnerability that may allow a local attacker to gain access to privileged file descriptors. As a result, the attacker may pose as a legitimate server and possibly steal or manipulate...
Remotely exploitable overflow in mod_mylo for Apache
Security Vulnerability Advisory Product: mod_mylo Apache 1.3.x module Versions: = 0.2.1 Author: Øyvind Grønnesby Homepage: http://www.pvv.ntnu.no/oyving/code/modmylo/ Platforms: Linux/BSD Impact: Remote code execution Advisory: CLIVITT-2003-5 Author: Carl Livitt carllivitt at hush dot com Date: July...
CLIVITT-2003-5.txt
Security Vulnerability Advisory Product: mod_mylo Apache 1.3.x module Versions:...
Remote Vulnerabilities in mod_ntlm
Product Description mod_ntlm is an Apache module originally designed for Apache 1.3, now available for Apache 2.0 that provides the ability for Apache services to authenticate users via the NTLM authentication technology that is largely specific to Microsoft IIS. Home page:...
mod_ntlm.txt
Product Description mod_ntlm is an Apache module originally designed for Apache 1.3, now available for Apache 2.0 that provides the ability for Apache services to authenticate users via the NTLM authentication technology that is largely specific to Microsoft IIS. Home page:...
Mod_NTLM 0.x - Authorisation Format String
source: https://www.securityfocus.com/bid/7393/info A format string vulnerability has been reported for the mod_ntlm Apache module. The problem occurs when logging authentication strings passed in HTTP requests. By passing malicious format specifiers in a request, it may be possible for an attack...
Mod_NTLM 0.x - Authorisation Heap Overflow
Mod_NTLM 0.x - Authorisation Heap Overflow source: https://www.securityfocus.com/bid/7388/info The mod_ntlm Apache module has been reported prone to a heap overflow vulnerability. The vulnerability occurs due to a lack of sufficient bounds checking performed on user-supplied data, stored in heap...
[UNIX] Apache mod_access_referer Denial of Service Issue
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com...
Apache Mod_Access_Referer 1.0.2 - Null Pointer Dereference Denial of Service
Apache Mod_Access_Referer 1.0.2 - Null Pointer Dereference Denial of Service source: https://www.securityfocus.com/bid/7375/info A vulnerability has been reported for the mod_access_referer Apache module. The problem occurs when parsing invalid HTTP referer header fields. If this vulnerability were t...
CVE-2001-1385
The CVE-2001-1385 issue concerns the Apache module for PHP 4.0.0–4.0.4. When a virtual host is configured with engine = off, PHP can be disabled for other virtual hosts, causing Apache to serve PHP source code instead of executing it. This is a disclosure vulnerability affecting PHP/Apache deploy...