1243 matches found
ApacheSSL protection bypass
In basic authentication emulation mode it's possible to access server without certificate...
Apache-SSL optional client certificate vulnerability
From the Apache-SSL security advisory: If configured with SSLVerifyClient set to 1 or 3 client certificates optional and SSLFakeBasicAuth, Apache-SSL 1.3.28+1.52 and all earlier versions would permit a client to use real basic authentication to forge a client certificate. All the attacker needed ...
Microsoft SharePoint Portal and Team Services
There is a bug in how the authentication mode works with the web-based administration page. This page resides, in the Web Servers with Sharepoint, in http://www.example.com/layouts/settings.htm or http://www.example.com/somedirectory/layouts/settings.htm This page is usually protected by NT Basic...
Apache HTTPD contains denial of service vulnerability in basic authentication module
Overview The Apache HTTP server contains a denial-of-service vulnerability that allows remote attackers to to conduct denial-of-service attacks on the HTTP basic authentication module of an affected server. Description The Apache HTTP server contains a denial-of-service vulnerability in the...
Apache <= 2.0.45 APR Remote Exploit -Apache-Knacker.pl
No description provided by source. !/usr/bin/perl Apache 2.0.37 - 2.0.45 APR Exploit Written By Matthew Murphy This Perl script will successfully exploit any un-patched Apache 2.x servers. Base64 Encoder If you want authentication with the server via HTTP's lame Basic auth, put the proper string ...
Apache Httpd < 2.0.46 : Basic Authentication DoS
A build system problem in Apache 2.0.40 through 2.0.45 allows remote attackers to cause a denial of access to authenticated content when a threaded server is used...
CVE-2003-0101
miniserv.pl in 1 Webmin before 1.070 and 2 Usermin before 1.000 does not properly handle metacharacters such as line feeds and carriage returns CRLF in Base-64 encoded strings during Basic authentication, which allows remote attackers to spoof a session ID and gain root privileges...
CVE-2002-1654
iPlanet Web Server Enterprise Edition and Netscape Enterprise Server 4.0 and 4.1 allows remote attackers to conduct HTTP Basic Authentication via the wp-force-auth Web Publisher command, which provides a distinct attack vector and may make it easier to conduct brute force password guessing withou...
CVE-2002-0419
Information leaks in IIS 4 through 5.1 allow remote attackers to obtain potentially sensitive information or more easily conduct brute force attacks via responses from the server in which 2 in certain configurations, the server IP address is provided as the realm for Basic authentication, which...
CVE-2002-0578
CVE-2002-0578 affects 4D WebServer 6.7.3. A buffer overflow in handling HTTP requests with Basic Authentication containing an excessively long user name or password allows remote DoS and possibly arbitrary code execution. The vulnerability is triggered by crafted credentials in the request, poten...
CVE-2002-0578
Buffer overflow in 4D WebServer 6.7.3 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an HTTP request with Basic Authentication containing a long 1 user name or 2 password...
IBM Informix Web Datablade 4.1x - Page Request SQL Injection
IBM Informix Web Datablade 4.1x - Page Request SQL Injection source: https://www.securityfocus.com/bid/4496/info Informix is an enterprise database distributed and maintained by IBM. The Web Datablade Module for Informix SQL, dynamically generates HTML content based on Database data. Web Datablad...
iPlanet Web Server Enterprise Edition and Netscape Enterprise Server Web Publisher command exposes server to brute force attack
Overview A vulnerability exists in iPlanet Web Server Enterprise Edition and Netscape Enterprise Server that allows an attacker to make repeated authentication attempts if a server is configured to use HTTP basic authentication. While the risk is not greater than any other brute force attack usin...
CVE-2001-1550
CentraOne 5.2 and Centra ASP with basic authentication enabled creates world-writable base64 encoded log files, which allows local users to obtain cleartext passwords from decoded log files and impersonate users...
PT-2001-2581 · Thttpd · Thttpd
Name of the Vulnerable Software and Affected Versions: thttpd versions 1.95 through 2.20 Description: The issue is an off-by-one buffer overflow in Basic Authentication, allowing remote attackers to cause a denial of service and possibly execute arbitrary code. Recommendations: For versions 1.95...
CVE-1999-1372
CVE-1999-1372 concerns the deprecated Triactive Remote Manager with Basic authentication enabled, where credentials are stored in cleartext in registry keys. This storage flaw allows local users to gain privileges due to exposure of usernames and passwords and the local-privilege escalation risk ...
Уязвимость в Internet Explorer (Cached Web Credentials)
После вход на защищенную часть сайта IE запоминает имя и пароль пользователя, и может передать их при обращении к незащищенной части, что позволяет перехватить их при передаче, если используется основная basic авторизация...
CVE-2000-0649
CVE-2000-0649 describes an HTTP internal IP disclosure in IIS 4.0: an attacker can obtain the server’s private IP by requesting a page protected with Basic Authentication (no realm) via HTTP/1.0. Connected documents (Metasploit IIS_INTERNAL_IP module, Nessus/Nessus-like plugin, OpenVAS NASL) corr...
CVE-2000-0649
IIS 4.0 allows remote attackers to obtain the internal IP address of the server via an HTTP 1.0 request for a web page which is protected by basic authentication and has no realm defined...
Microsoft IIS 2.0/3.0/4.0/5.0/5.1 - Internal IP Address Disclosure
source: https://www.securityfocus.com/bid/1499/info When a remote user attempts to access an area protected by basic authentication with no realm defined, while specifying HTTP 1.0, Microsoft IIS will return an Access Denied error message containing the internal IP address of the host. Even if II...