5781 matches found

Oracle linux
added 2017/04/12 12:0 a.m. | 121 views

httpd security and bug fix update

2.4.6-45.0.1.4 - replace index.html with Oracle's index page oracle_index.html; 2.4.6-45.4 - Resolves: 1396197 - Backport: mod_proxy_wstunnel - AH02447: err/hup on backconn; 2.4.6-45.3 - prefork: fix delay completing graceful restart (1327624) - mod_ldap: fix authz regression, failing to rebind (1415257)...

7.5 CVSS | 0.7 AI score | 0.49024 EPSS
Exploits 4

Prion
added 2017/04/07 4:59 a.m. | 14 views

Directory traversal

XiongMai uc-httpd has directory traversal allowing the reading of arbitrary files via a "GET ../" HTTP request...

5 CVSS | 9.4 AI score | 0.28746 EPSS
Exploits 1 | References 1

NVD
added 2017/04/07 4:59 a.m. | 18 views

CVE-2017-7577

XiongMai uc-httpd has directory traversal allowing the reading of arbitrary files via a "GET ../" HTTP request...

9.8 CVSS | 9.5 AI score | 0.28746 EPSS
Exploits 1 | References 1

Cvelist
added 2017/04/07 4:33 a.m. | 22 views

CVE-2017-7577

XiongMai uc-httpd has directory traversal allowing the reading of arbitrary files via a "GET ../" HTTP request...

9.5 AI score | 0.28746 EPSS
Exploits 1 | References 1

CVE
added 2017/04/07 4:33 a.m. | 72 views

CVE-2017-7577

CVE-2017-7577 affects XiongMai uc-httpd. A directory traversal vulnerability allows reading arbitrary files via a GET ../ HTTP request. Connected sources document the flaw and impact (read access; no public exploit details provided); remediation/patch information is not specified in the supplied ...

9.8 CVSS | 9.3 AI score | 0.28746 EPSS
In wild | Exploits 1 | References 1 | Affected Software 1

OSV
added 2017/03/27 3:59 p.m. | 3 views

CVE-2017-5850

httpd in OpenBSD allows remote attackers to cause a denial of service (memory consumption) via a series of requests for a large file using an HTTP Range header...

7.5 CVSS | 5.5 AI score | 0.17203 EPSS
Exploits 7 | References 11

Prion
added 2017/03/27 3:59 p.m. | 62 views

Design/Logic Flaw

httpd in OpenBSD allows remote attackers to cause a denial of service (memory consumption) via a series of requests for a large file using an HTTP Range header...

7.8 CVSS | 7.3 AI score | 0.17203 EPSS
Exploits 7 | References 11 | Affected Software 1

NVD
added 2017/03/27 3:59 p.m. | 24 views

CVE-2017-5850

httpd in OpenBSD allows remote attackers to cause a denial of service (memory consumption) via a series of requests for a large file using an HTTP Range header...

7.8 CVSS | 7.3 AI score | 0.17203 EPSS
Exploits 7 | References 11

Cvelist
added 2017/03/27 3:0 p.m. | 33 views

CVE-2017-5850

httpd in OpenBSD allows remote attackers to cause a denial of service (memory consumption) via a series of requests for a large file using an HTTP Range header...

7.3 AI score | 0.17203 EPSS
Exploits 7 | References 11

CVE
added 2017/03/27 3:0 p.m. | 139 views

CVE-2017-5850

CVE-2017-5850: OpenBSD httpd is vulnerable to a remote denial of service that exhausts memory by processing a sequence of requests for a large file using an HTTP Range header. Affects httpd up to version 6.x (as described in multiple sources); patches are available: 034_httpd.patch.sig for 5.9 a...

7.8 CVSS | 7.2 AI score | 0.17203 EPSS
Exploits 7 | References 11 | Affected Software 1

OSV
added 2017/03/09 9:59 a.m. | 4 views

CVE-2017-6549

Session hijack vulnerability in httpd on ASUS RT-N56U, RT-N66U, RT-AC66U, RT-N66R, RT-AC66R, RT-AC68U, RT-AC68R, RT-N66W, RT-AC66W, RT-AC87R, RT-AC87U, RT-AC51U, RT-AC68P, RT-N11P, RT-N12+, RT-N12E B1, RT-AC3200, RT-AC53U, RT-AC1750, RT-AC1900P, RT-N300, and RT-AC750 routers with firmware before...

8.8 CVSS | 5.8 AI score | 0.07552 EPSS
Exploits 6 | References 4

OSV
added 2017/03/09 9:59 a.m. | 3 views

CVE-2017-6547

Cross-site scripting (XSS) vulnerability in httpd on ASUS RT-N56U, RT-N66U, RT-AC66U, RT-N66R, RT-AC66R, RT-AC68U, RT-AC68R, RT-N66W, RT-AC66W, RT-AC87R, RT-AC87U, RT-AC51U, RT-AC68P, RT-N11P, RT-N12+, RT-N12E B1, RT-AC3200, RT-AC53U, RT-AC1750, RT-AC1900P, RT-N300, and RT-AC750 routers with firmwa...

6.1 CVSS | 7.5 AI score | 0.01701 EPSS
Exploits 5 | References 3

CVE
added 2017/03/09 9:26 a.m. | 93 views

CVE-2017-6549

CVE-2017-6549 is a session hijack vulnerability in the httpd component of ASUSWRT firmware on multiple ASUS routers (e.g., RT-N56U/RT-N66U/RT-AC66U/RT-AC68U family, RT-AC53U, RT-N12, RT-AC5300, RT-N600, and Asuswrt-Merlin variants) with firmware older than the specified versions (pre 3.0.0.4.380....

9.3 CVSS | 8.5 AI score | 0.07552 EPSS
Exploits 6 | References 4 | Affected Software 1

Cvelist
added 2017/03/09 9:26 a.m. | 22 views

CVE-2017-6549

Session hijack vulnerability in httpd on ASUS RT-N56U, RT-N66U, RT-AC66U, RT-N66R, RT-AC66R, RT-AC68U, RT-AC68R, RT-N66W, RT-AC66W, RT-AC87R, RT-AC87U, RT-AC51U, RT-AC68P, RT-N11P, RT-N12+, RT-N12E B1, RT-AC3200, RT-AC53U, RT-AC1750, RT-AC1900P, RT-N300, and RT-AC750 routers with firmware before...

8.7 AI score | 0.07552 EPSS
Exploits 6 | References 4

exploitpack
added 2017/03/08 12:0 a.m. | 30 views

ASUSWRT RT-AC53 (3.0.0.4.380.6038) - Cross-Site Scripting

ASUSWRT RT-AC53 (3.0.0.4.380.6038) - Cross-Site Scripting. Cross-Site Scripting (XSS). Component: httpd. CVE: CVE-2017-6547. Vulnerability: httpd checks in the function handle_request if the requested file name is longer than 50 chars. It then responds with a redirection which allows an attacker to inject...

4.3 CVSS | 0.01701 EPSS
Exploits 5

exploitpack
added 2017/03/08 12:0 a.m. | 34 views

ASUSWRT RT-AC53 (3.0.0.4.380.6038) - Session Stealing

ASUSWRT RT-AC53 (3.0.0.4.380.6038) - Session Stealing. Session Stealing. Component: httpd. CVE: CVE-2017-6549. Vulnerability: httpd uses the function search_token_in_list to validate if a user is logged into the admin interface by checking his asus_token value. There seems to be a branch which could be a...

9.3 CVSS | 8.9 AI score | 0.07552 EPSS
Exploits 6

Exploit DB
added 2017/03/08 12:0 a.m. | 78 views

ASUSWRT RT-AC53 (3.0.0.4.380.6038) - Cross-Site Scripting

Cross-Site Scripting (XSS). Component: httpd. CVE: CVE-2017-6547. Vulnerability: httpd checks in the function handle_request if the requested file name is longer than 50 chars. It then responds with a redirection which allows an attacker to inject arbitrary JavaScript code into the router’s web interfa...

6.1 CVSS | 6.6 AI score | 0.01701 EPSS
Exploits 5

Exploit DB
added 2017/03/08 12:0 a.m. | 51 views

ASUSWRT RT-AC53 (3.0.0.4.380.6038) - Session Stealing

Session Stealing. Component: httpd. CVE: CVE-2017-6549. Vulnerability: httpd uses the function search_token_in_list to validate if a user is logged into the admin interface by checking his asus_token value. There seems to be a branch which could be a failed attempt to build in a logout functionality...

9.3 CVSS | 8.8 AI score | 0.07552 EPSS
Exploits 6

exploitpack
added 2017/02/25 12:0 a.m. | 17 views

NETGEAR DGN2200v1v2v3v4 - dnslookup.cgi Remote Command Execution

NETGEAR DGN2200v1v2v3v4 - dnslookup.cgi Remote Command Execution. #!/usr/bin/python Provides access to default user account, privileges can be easily elevated by using either: - a kernel exploit (ex. memodipper was tested and it worked) - by executing /bin/bd suid backdoor present on SOME but not all...

Exploits 0

exploitpack
added 2017/02/18 12:0 a.m. | 17 views

NETGEAR DGN2200v1v2v3v4 - ping.cgi Remote Command Execution

NETGEAR DGN2200v1v2v3v4 - ping.cgi Remote Command Execution. #!/usr/bin/python Provides access to default user account, privileges can be easily elevated by using either: - a kernel exploit (ex. memodipper was tested and it worked) - by executing /bin/bd suid backdoor present on SOME but not all...

0.2 AI score
Exploits 0