33 matches found
DEBIAN-CVE-2017-15715
In Apache httpd 2.4.0 to 2.4.29, the expression specified in could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are are externally blocked, but only by matching the...
CVE-2017-15715
In Apache httpd 2.4.0 to 2.4.29, the expression specified in could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are are externally blocked, but only by matching the...
CVE-2017-15715
In Apache httpd 2.4.0 to 2.4.29, the expression specified in could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are are externally blocked, but only by matching the...
CVE-2017-15715
CVE-2017-15715 affects Apache HTTP Server 2.4.0–2.4.29. The issue: the expression could treat a trailing '$' as a newline in a malicious filename, bypassing filename-end checks and potentially allowing uploads that would otherwise be blocked. Documents consistently describe this as a bypass vuln...
CVE-2017-15715
In Apache httpd 2.4.0 to 2.4.29, the expression specified in could match ‘$’ to a newline character in a malicious filename, rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are are externally blocked, but only by matching the...
UBUNTU-CVE-2017-15715
In Apache httpd 2.4.0 to 2.4.29, the expression specified in could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are are externally blocked, but only by matching the...
Apache Httpd < 2.4.33 : <FilesMatch> bypass with a trailing newline in the file name
The expression specified in could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are are externally blocked, but only by matching the trailing portion of the filename...
openSUSE Security Update : php5 (openSUSE-SU-2012:1169-1)
php5 was updated to fix two security issues : - use FilesMatch with 'SetHandler' rather than 'AddHandler' bnc775852 Since this update just hardens a configuration to protect weakly designed web applications, there was no CVE assigned. - A HTTP header Carriage-Return injection flaw was fixed...
SuSE 11.2 Security Update : PHP5 (SAT Patch Number 6777)
This update fixes CVE-2011-1398 / CVE-2011-4388 header injection via CR. This update also changes the default configuration to use FilesMatch with 'SetHandler' rather than 'AddHandler' to protect weakly written web applications from content confusion. Since this is a hardening measure, no CVE was...
SuSE 11.2 Security Update : PHP5 (SAT Patch Number 6778)
This update fixes CVE-2011-1398 / CVE-2011-4388 header injection via CR. This update also changes the default configuration to use FilesMatch with 'SetHandler' rather than 'AddHandler' to protect weakly written web applications from content confusion. Since this is a hardening measure, no CVE was...
CVE-2006-6511
dadaIMC .99.3 uses an insufficiently restrictive FilesMatch directive in the installed .htaccess file, which allows remote attackers to execute arbitrary PHP code by uploading files whose names contain 1 feature, 2 editor, 3 newswire, 4 otherpress, 5 admin, 6 pbook, 7 media, or 8 mod, which are...
CVE-2006-6511
The CVE-2006-6511 entry concerns the product dadaIMC .99.3, where an insufficiently restrictive FilesMatch directive in the installed .htaccess allows remote attackers to execute arbitrary PHP code. Specifically, uploaded files whose names contain any of the words: feature, editor, newswire, othe...
MacOS X Finder reveals contents of Apache Web directories
MacOS X creates a hidden file, '.DSStore' in each directory that has been viewed with the 'Finder'. This file contains a list of the contents of the directory, giving an attacker information on the structure and contents of your website. OpenVAS Vulnerability Test $Id: osXapachefinder.nasl 8023...