Lucene search
K

986 matches found

Apache Httpd
Apache Httpd
added 2002/05/08 12:0 a.m.44 views

Apache Httpd < 2.0.36 : Warning messages could be displayed to users

In some cases warning messages could get returned to end users in addition to being recorded in the error log. This could reveal the path to a CGI script for example, a minor security exposure...

5CVSS6.4AI score0.12458EPSS
Exploits0Affected Software1
exploitpack
exploitpack
added 2002/02/21 12:0 a.m.27 views

Apache 1.3 - Artificially Long Slash Path Directory Listing (2)

Apache 1.3 - Artificially Long Slash Path Directory Listing 2 // source: https://www.securityfocus.com/bid/2503/info Apache HTTPD is the Apache Web Server, freely distributed and actively maintained by the Apache Software Foundation. It is a freely available and widely used software package,...

0.6AI score
Exploits0
Exploit DB
Exploit DB
added 2002/02/21 12:0 a.m.33 views

Apache 1.3 - Artificially Long Slash Path Directory Listing (2)

// source: https://www.securityfocus.com/bid/2503/info Apache HTTPD is the Apache Web Server, freely distributed and actively maintained by the Apache Software Foundation. It is a freely available and widely used software package, included with various implementations of the UNIX operating system...

7.4AI score
Exploits0
Apache Httpd
Apache Httpd
added 2002/02/13 12:0 a.m.30 views

Apache Httpd < 1.3.24 : Win32 Apache Remote command execution

Apache for Win32 before 1.3.24 and 2.0.34-beta allows remote attackers to execute arbitrary commands via parameters passed to batch file CGI scripts...

7.5CVSS6.7AI score0.50371EPSS
Exploits1Affected Software1
Apache Httpd
Apache Httpd
added 2001/11/11 12:0 a.m.34 views

Apache Httpd < 1.3.27 : Shared memory permissions lead to local privilege escalation

The permissions of the shared memory used for the scoreboard allows an attacker who can execute under the Apache UID to send a signal to any process as root or cause a local denial of service attack...

7.2CVSS3.4AI score0.00944EPSS
Exploits0Affected Software1
Apache Httpd
Apache Httpd
added 2001/10/12 12:0 a.m.37 views

Apache Httpd < 1.3.22 : split-logfile can cause arbitrary log files to be written to

A vulnerability was found in the split-logfile support program. A request with a specially crafted Host: header could allow any file with a .log extension on the system to be written to...

5CVSS1.3AI score0.11922EPSS
Exploits0Affected Software1
Apache Httpd
Apache Httpd
added 2001/10/12 12:0 a.m.73 views

Apache Httpd < 1.3.22 : Multiviews can cause a directory listing to be displayed

A vulnerability was found when Multiviews are used to negotiate the directory index. In some configurations, requesting a URI with a QUERYSTRING of M=D could return a directory listing rather than the expected index page...

5CVSS2.3AI score0.56756EPSS
Exploits0Affected Software1
Apache Httpd
Apache Httpd
added 2001/09/18 12:0 a.m.35 views

Apache Httpd < 1.3.22 : Requests can cause directory listing to be displayed

A vulnerability was found in the Win32 port of Apache 1.3.20. A client submitting a very long URI could cause a directory listing to be returned rather than the default index page...

5CVSS0.5AI score0.06765EPSS
Exploits0Affected Software1
exploitpack
exploitpack
added 2001/06/13 12:0 a.m.19 views

Apache 1.3 - Artificially Long Slash Path Directory Listing (3)

Apache 1.3 - Artificially Long Slash Path Directory Listing 3 source: https://www.securityfocus.com/bid/2503/info Apache HTTPD is the Apache Web Server, freely distributed and actively maintained by the Apache Software Foundation. It is a freely available and widely used software package, include...

0.7AI score
Exploits0
Exploit DB
Exploit DB
added 2001/06/13 12:0 a.m.43 views

Apache 1.3 - Artificially Long Slash Path Directory Listing (3)

source: https://www.securityfocus.com/bid/2503/info Apache HTTPD is the Apache Web Server, freely distributed and actively maintained by the Apache Software Foundation. It is a freely available and widely used software package, included with various implementations of the UNIX operating system an...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2001/06/13 12:0 a.m.31 views

Apache 1.3 - Artificially Long Slash Path Directory Listing (4)

source: https://www.securityfocus.com/bid/2503/info Apache HTTPD is the Apache Web Server, freely distributed and actively maintained by the Apache Software Foundation. It is a freely available and widely used software package, included with various implementations of the UNIX operating system an...

7AI score
Exploits0
Apache Httpd
Apache Httpd
added 2001/05/22 12:0 a.m.30 views

Apache Httpd < 1.3.20 : Denial of service attack on Win32 and OS2

A vulnerability was found in the Win32 and OS2 ports of Apache 1.3. A client submitting a carefully constructed URI could cause a General Protection Fault in a child process, bringing up a message box which would have to be cleared by the operator to resume operation. This vulnerability introduce...

5CVSS1.3AI score0.12006EPSS
Exploits0Affected Software1
Apache Httpd
Apache Httpd
added 2001/02/28 12:0 a.m.33 views

Apache Httpd < 1.3.19 : Requests can cause directory listing to be displayed

The default installation can lead modnegotiation and moddir or modautoindex to display a directory listing instead of the multiview index.html file if a very long path was created artificially by using many slashes...

5CVSS1.5AI score0.75238EPSS
Exploits1Affected Software1
Apache Httpd
Apache Httpd
added 2000/10/13 12:0 a.m.28 views

Apache Httpd < 1.3.14 : Rewrite rules that include references allow access to any file

The Rewrite module, modrewrite, can allow access to any file on the web server. The vulnerability occurs only with certain specific cases of using regular expression references in RewriteRule directives: If the destination of a RewriteRule contains regular expression references then an attacker...

5CVSS3AI score0.34584EPSS
Exploits0Affected Software1
Apache Httpd
Apache Httpd
added 2000/10/13 12:0 a.m.28 views

Apache Httpd < 1.3.14 : Mass virtual hosting can display CGI source

A security problem for users of the mass virtual hosting module, modvhostalias, causes the source to a CGI to be sent if the cgi-bin directory is under the document root. However, it is not normal to have your cgi-bin directory under a document root...

5CVSS2.2AI score0.10515EPSS
Exploits1Affected Software1
Apache Httpd
Apache Httpd
added 2000/10/13 12:0 a.m.36 views

Apache Httpd < 1.3.14 : Requests can cause directory listing to be displayed on NT

A security hole on Apache for Windows allows a user to view the listing of a directory instead of the default HTML page by sending a carefully constructed request...

5CVSS0.7AI score0.46653EPSS
Exploits1Affected Software1
Apache Httpd
Apache Httpd
added 2000/02/25 12:0 a.m.37 views

Apache Httpd < 1.3.12 : Cross-site scripting can reveal private session information

Apache was vulnerable to cross site scripting issues. It was shown that malicious HTML tags can be embedded in client web requests if the server or script handling the request does not carefully encode all information displayed to the user. Using these vulnerabilities attackers could, for example...

4.3CVSS0.6AI score0.23456EPSS
Exploits0Affected Software1
Apache Httpd
Apache Httpd
added 2000/01/21 12:0 a.m.21 views

Apache Httpd < 1.3.11 : Mass virtual hosting security issue

A security problem can occur for sites using mass name-based virtual hosting using the new modvhostalias module or with special modrewrite rules...

5CVSS0.9AI score0.0531EPSS
Exploits0Affected Software1
CVE
CVE
added 1999/09/29 4:0 a.m.555 views

CVE-1999-0236

The CVE-1999-0236 entry describes a vulnerability in the ScriptAlias directory handling in NCSA and Apache httpd that allowed attackers to read CGI programs. Affected software is the Apache httpd family utilizing ScriptAlias configuration; the underlying issue is directory handling enabling discl...

7.5CVSS7.2AI score0.25788EPSS
Exploits0References1Affected Software2
CVE
CVE
added 1999/09/29 4:0 a.m.86 views

CVE-1999-0071

CVE-1999-0071 affects the Apache httpd server prior to 1.1.2 (versions 1.1.1 and earlier) due to a cookie header buffer overflow. The root cause is a vulnerable handling of the HTTP Cookie header (too long name/value) that can cause the server to crash. Some connected sources describe the impact ...

7.5CVSS7.3AI score0.03571EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder