1249 matches found
Web Server Incomplete Basic Authentication DoS (deprecated)
This plugin is no longer relevant, and may never have worked correctly. C Tenable Network Security, Inc. @DEPRECATED@ Disabled on 2021/09/13. Deprecated by RES-74695. include"compat.inc"; ifdescription scriptid12200; scriptversion"1.14"; scriptsetattributeattribute:"pluginmodificationdate",...
Web Server HTTP Basic Authorization Header Remote Overflow DoS
It was possible to kill the web server by sending a request with a long basic authentication field. A remote attacker may exploit this vulnerability to make the web server crash continually or even execute arbitrary code. C Tenable Network Security, Inc. Affected: Monit include"compat.inc"; if...
[VulnWatch] Advisory: Multiple Vulnerabilities in Monit
Multiple Vulnerabilities in Monit I. Product Description As quoted from http://www.tildeslash.com/monit/ web page: "monit is a utility for managing and monitoring, processes, files, directories and devices on a Unix system. Monit conducts automatic maintenance and repair and can execute meaningfu...
CVE-2004-0009
Apache-SSL 1.3.28+1.52 and earlier, with SSLVerifyClient set to 1 or 3 and SSLFakeBasicAuth enabled, allows remote attackers to forge a client certificate by using basic authentication with the "one-line DN" of the target user...
CVE-2004-0009
Apache-SSL 1.3.28+1.52 and earlier, with SSLVerifyClient set to 1 or 3 and SSLFakeBasicAuth enabled, allows remote attackers to forge a client certificate by using basic authentication with the "one-line DN" of the target user...
Apache-SSL security advisory - apache_1.3.28+ssl_1.52 and prior
Apache-SSL optional client certificate vulnerability ---------------------------------------------------- Synopsis -------- If configured with SSLVerifyClient set to 1 or 3 client certificates optional and SSLFakeBasicAuth, Apache-SSL 1.3.28+1.52 and all earlier versions would permit a client to...
ApacheSSL protection bypass
In basic authentication emulation mode it's possible to access server without certificate...
Apache-SSL optional client certificate vulnerability
From the Apache-SSL security advisory: If configured with SSLVerifyClient set to 1 or 3 client certificates optional and SSLFakeBasicAuth, Apache-SSL 1.3.28+1.52 and all earlier versions would permit a client to use real basic authentication to forge a client certificate. All the attacker needed ...
Microsoft SharePoint Portal and Team Services
There is a bug in how the authentication mode works with the web-based administration page. This page resides, in the Web Servers with Sharepoint, in http://www.example.com/layouts/settings.htm or http://www.example.com/somedirectory/layouts/settings.htm This page is usually protected by NT Basic...
Apache HTTPD contains denial of service vulnerability in basic authentication module
Overview The Apache HTTP server contains a denial-of-service vulnerability that allows remote attackers to to conduct denial-of-service attacks on the HTTP basic authentication module of an affected server. Description The Apache HTTP server contains a denial-of-service vulnerability in the...
Apache <= 2.0.45 APR Remote Exploit -Apache-Knacker.pl
No description provided by source. !/usr/bin/perl Apache 2.0.37 - 2.0.45 APR Exploit Written By Matthew Murphy This Perl script will successfully exploit any un-patched Apache 2.x servers. Base64 Encoder If you want authentication with the server via HTTP's lame Basic auth, put the proper string ...
Apache Httpd < 2.0.46 : Basic Authentication DoS
A build system problem in Apache 2.0.40 through 2.0.45 allows remote attackers to cause a denial of access to authenticated content when a threaded server is used...
CVE-2003-0101
miniserv.pl in 1 Webmin before 1.070 and 2 Usermin before 1.000 does not properly handle metacharacters such as line feeds and carriage returns CRLF in Base-64 encoded strings during Basic authentication, which allows remote attackers to spoof a session ID and gain root privileges...
CVE-2002-1654
iPlanet Web Server Enterprise Edition and Netscape Enterprise Server 4.0 and 4.1 allows remote attackers to conduct HTTP Basic Authentication via the wp-force-auth Web Publisher command, which provides a distinct attack vector and may make it easier to conduct brute force password guessing withou...
CVE-2002-0419
Information leaks in IIS 4 through 5.1 allow remote attackers to obtain potentially sensitive information or more easily conduct brute force attacks via responses from the server in which 2 in certain configurations, the server IP address is provided as the realm for Basic authentication, which...
CVE-2002-0578
CVE-2002-0578 affects 4D WebServer 6.7.3. A buffer overflow in handling HTTP requests with Basic Authentication containing an excessively long user name or password allows remote DoS and possibly arbitrary code execution. The vulnerability is triggered by crafted credentials in the request, poten...
CVE-2002-0578
Buffer overflow in 4D WebServer 6.7.3 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an HTTP request with Basic Authentication containing a long 1 user name or 2 password...
IBM Informix Web Datablade 4.1x - Page Request SQL Injection
IBM Informix Web Datablade 4.1x - Page Request SQL Injection source: https://www.securityfocus.com/bid/4496/info Informix is an enterprise database distributed and maintained by IBM. The Web Datablade Module for Informix SQL, dynamically generates HTML content based on Database data. Web Datablad...
iPlanet Web Server Enterprise Edition and Netscape Enterprise Server Web Publisher command exposes server to brute force attack
Overview A vulnerability exists in iPlanet Web Server Enterprise Edition and Netscape Enterprise Server that allows an attacker to make repeated authentication attempts if a server is configured to use HTTP basic authentication. While the risk is not greater than any other brute force attack usin...
CVE-2001-1550
CentraOne 5.2 and Centra ASP with basic authentication enabled creates world-writable base64 encoded log files, which allows local users to obtain cleartext passwords from decoded log files and impersonate users...