Lucene search

465 matches found

securityvulns
added 2005/08/26 12:0 a.m. · 35 views

[ GLSA 200508-15 ] Apache 2.0: Denial of Service vulnerability

Gentoo Linux Security Advisory GLSA 200508-15 http://security.gentoo.org/ Severity:...

0.6 AI score
Exploits: 0
Gentoo Linux
added 2005/08/25 12:0 a.m. · 41 views

Apache 2.0: Denial of Service vulnerability

Background: The Apache HTTP Server Project is a featureful, freely-available HTTP Web server. Description: Filip Sneppe discovered that Apache improperly handles byterange requests to CGI scripts. Impact: A remote attacker may access vulnerable scripts in a malicious way, exhausting all RAM and swap...

5 CVSS · 9 AI score · 0.10976 EPSS
Exploits: 0
Cvelist
added 2005/06/28 4:0 a.m. · 17 views

CVE-2002-1986

Perception LiteServe 2.0 through 2.0.1 allows remote attackers to obtain the source code of CGI scripts via an HTTP request with a trailing dot "."...

6.8 AI score · 0.06685 EPSS
Exploits: 1 · References: 3
NVD
added 2005/05/16 4:0 a.m. · 25 views

CVE-2005-1366

Pico Server pServ 3.2 and earlier allows remote attackers to obtain the source code for CGI scripts via "dirname/../cgi-bin" in a URL...

7.5 CVSS · 6.8 AI score · 0.06934 EPSS
Exploits: 2 · References: 4
CVE
added 2005/05/16 4:0 a.m. · 43 views

CVE-2005-1366

Pico Server (pServ) up to version 3.2 is affected by an information-disclosure flaw that lets remote attackers obtain the source code of CGI scripts. The vulnerability arises from a flawed CGI-bin path check: requesting URLs like somedir/../cgi-bin can cause the server to return the CGI source in...

7.5 CVSS · 6.8 AI score · 0.06934 EPSS
Exploits: 2 · References: 4 · Affected Software: 1
Cvelist
added 2005/05/10 4:0 a.m. · 16 views

CVE-2003-1137

Charles Steinkuehler sh-httpd 0.3 and 0.4 allows remote attackers to read files or execute arbitrary CGI scripts via a GET request that contains an asterisk wildcard character...

7.2 AI score · 0.06757 EPSS
Exploits: 1 · References: 4
Tenable Nessus
added 2005/03/18 12:0 a.m. · 8 views

HP-UX PHSS_29542 : HPSBUX0310-285 SSRT3642 Potential Security Vulnerabilities Apache web server HP-UX VVOS and Webproxy.

s700800 11.04 Virtualvault 4.6 IWS update : 1. Potential Apache web server crash when it goes into an infinite loop due to too many subsequent internal redirects and nested subrequests. VU379828 2. No de-allocation of file descriptors while servicing CGI scripts through child processes...

5.4 AI score
Exploits: 0
Tenable Nessus
added 2005/02/16 12:0 a.m. · 22 views

HP-UX PHSS_29541 : HPSBUX0310-285 SSRT3642 Potential Security Vulnerabilities Apache web server HP-UX VVOS and Webproxy.

s700800 11.04 Virtualvault 4.5 IWS Update : 1. Potential Apache web server crash when it goes into an infinite loop due to too many subsequent internal redirects and nested subrequests. VU379828 2. No de-allocation of file descriptors while servicing CGI scripts through child processes...

5.4 AI score
Exploits: 0
exploitpack
added 2004/12/03 12:0 a.m. · 18 views

phpBB 2.0.10 - Remote Command Execution (CGI)

phpBB 2.0.10 - Remote Command Execution CGI !/usr/bin/perl wphpbb.cgi hack service: http://site/cgi-bin/wphpbb.cgi use CGI qw:standard; $CGI::HEADERSONCE = 1; $CGI = new CGI; $atak = $CGI-param"atak"; $serv = $CGI-param"serv"; $dir = $CGI-param"dir"; $topic = $CGI-param"topic"; $cmd =...

0.4 AI score
Exploits: 0
Tenable Nessus
added 2004/09/29 12:0 a.m. · 37 views

Debian DSA-181-1 : libapache-mod-ssl - XSS

Joe Orton discovered a cross site scripting problem in mod_ssl, an Apache module that adds strong cryptography (i.e. HTTPS support) to the webserver. The module will return the server name unescaped in the response to an HTTP request on an SSL port. Like the other recent Apache XSS bugs, this only...

7.5 CVSS · 5 AI score · 0.09701 EPSS
Exploits: 0 · References: 2
Tenable Nessus
added 2004/07/31 12:0 a.m. · 10 views

Mandrake Linux Security Advisory : apache2 (MDKSA-2003:096-1)

A problem was discovered in Apache2 where CGI scripts that output more than 4k of output to STDERR will hang the script's execution which can cause a Denial of Service on the httpd process because it is waiting for more input from the CGI that is not forthcoming due to the locked write call in...

5.8 AI score
Exploits: 0 · References: 1
securityvulns
added 2003/12/09 12:0 a.m. · 26 views

BNCweb File Disclosure Vulnerability

BNCweb is a set of CGI scripts developed at the University of Zürich as a user-friendly query interface to the British National Corpus. It allows linguists to retrieve lexical, grammatical and textual data from this 100 million word collection of English texts using a web browser. For more...

Exploits: 0
Tenable Nessus
added 2003/06/25 12:0 a.m. · 24 views

Sambar Server Multiple CGI Environment Variable Disclosure

The remote web server appears to be Sambar Server and makes available the 'environ.pl' and/or 'testcgi.exe' CGI scripts. These are included by default and reveal the server's installation directory along with other information that could prove useful to an attacker. Note that this version is also...

5 CVSS · 5.9 AI score · 0.01388 EPSS
Exploits: 0 · References: 3
Tenable Nessus
added 2003/06/17 12:0 a.m. · 1145 views

Multiple Dangerous CGI Script Detection

It is possible that the remote web server contains one or more dangerous CGI scripts. Note that this plugin does not actually test for the underlying flaws but instead only searches for scripts with the same name as those with known vulnerabilities. This script was written by...

10 CVSS · 5.4 AI score · 0.15605 EPSS
Exploits: 29 · References: 52
Tenable Nessus
added 2003/04/03 12:0 a.m. · 45 views

Apache 2.0.x < 2.0.45 Multiple Vulnerabilities (DoS, File Write)

The remote host is running a version of Apache 2.0.x that is prior to 2.0.45. It is, therefore, reportedly affected by multiple vulnerabilities : - There is a denial of service attack that could allow an attacker to disable this server remotely. - The httpd process leaks file descriptors to child...

5 CVSS · 6 AI score · 0.86677 EPSS
Exploits: 1 · References: 2
Positive Technologies
added 2002/12/31 12:0 a.m. · 4 views

PT-2002-2572 · Apache · Apache Http Server

Name of the Vulnerable Software and Affected Versions: Apache versions 2.0.39 through 2.0.40 Description: The issue allows local users and possibly remote attackers to cause a denial of service, resulting in hang and memory consumption. This occurs when a CGI script sends a large amount of data t...

7.5 CVSS · 6.6 AI score · 0.17408 EPSS
Exploits: 1 · References: 15
CERT
added 2002/07/29 12:0 a.m. · 25 views

Sambar Web Server vulnerable to sourcecode disclosure due to improper parsing of scripts

Overview: Sambar Webserver displays script contents instead of interpreting them when the user adds certain characters to the end of the script URL. Description: Sambar Webserver is designed to handle CGI requests by interpreting CGI scripts to produce output returned to the client. However, due to...

6.4 CVSS · 6.1 AI score · 0.0892 EPSS
Exploits: 1 · References: 3
RedHat Linux
added 2002/07/24 8:37 a.m. · 8 views

Moderate: Red Hat Security Advisory: Updated secureweb packages available

Updated secureweb packages are now available for Red Hat Secure Web Server 3.2 (U.S.). These updates incorporate a fix for an incorrect bounds check in versions of mod_ssl up to and including version 2.8.9. The mod_ssl module provides strong cryptography for the Apache Web server via the Secure Socke...

7.8 CVSS · 6 AI score · 0.011 EPSS
Exploits: 0 · References: 1
CVE
added 2002/06/25 4:0 a.m. · 43 views

CVE-2001-0918

This CVE concerns vulnerabilities in CGI scripts in susehelp in SuSE 7.2 and 7.3 that allow remote command execution due to insecure file handling. Affected are the susehelp CGI scripts; the underlying issue is not opening files securely, enabling unauthorized command execution. The provided docu...

5.1 CVSS · 8.1 AI score · 0.01707 EPSS
Exploits: 0 · References: 3 · Affected Software: 1
Cvelist
added 2002/06/25 4:0 a.m. · 21 views

CVE-2001-0918

Vulnerabilities in CGI scripts in susehelp in SuSE 7.2 and 7.3 allow remote attackers to execute arbitrary commands by not opening files securely...

7.7 AI score · 0.01707 EPSS
Exploits: 0 · References: 3