[Full-Disclosure] [RHSA-2004:182-01] Updated httpd packages fix mod_ssl security issue
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - --------------------------------------------------------------------- Red Hat Security Advisory Synopsis: Updated httpd packages fix mod_ssl security issue Advisory ID: RHSA-2004:182-01 Issue date: 2004-04-30 Updated on: 2004-04-30 Product: Red Hat...
Rosiello Security Sphiro HTTPd 0.1B - Remote Heap Buffer Overflow
source: https://www.securityfocus.com/bid/10249/info It has been reported that Sphiro HTTPD is prone to a remote heap based buffer overflow vulnerability. This issue is due to a failure of the application to properly verify buffer boundaries before storing input in fixed buffers. Immediate...
Rosiello Security Sphiro HTTPd 0.1B - Remote Heap Buffer Overflow
Rosiello Security Sphiro HTTPd 0.1B - Remote Heap Buffer Overflow source: https://www.securityfocus.com/bid/10249/info It has been reported that Sphiro HTTPD is prone to a remote heap based buffer overflow vulnerability. This issue is due to a failure of the application to properly verify buffer...
Apache Httpd < 2.0.45 : Line feed memory leak DoS
Apache 2.0 versions before Apache 2.0.45 had a significant Denial of Service vulnerability. Remote attackers could cause a denial of service (memory consumption) via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed...
Apache Httpd < 2.0.53 : mod_disk_cache stores sensitive headers
The experimental mod_disk_cache module stored client authentication credentials for cached objects such as proxy authentication credentials and Basic Authentication passwords on disk...
mod_python remote DoS
Unknown vulnerability in mod_python 2.7.9 allows remote attackers to cause a denial of service (httpd crash) via a certain query string, a variant of CAN-2003-0973...
Apache Httpd < 2.0.49 : listening socket starvation
A starvation issue on listening sockets occurs when a short-lived connection on a rarely-accessed listening socket will cause a child to hold the accept mutex and block out new connections until another connection arrives on that rarely-accessed listening socket. This issue is known to affect som...
Denial of Service in Monkey httpd <= 0.8.1
Luigi Auriemma Application: Monkey httpd http://monkeyd.sourceforge.net Versions: <= 0.8.1 Platforms: GNU/Linux Bug: Denial of Service Risk: high Exploitation: remote Date: 11 Feb 2004 Author: Luigi Auriemma e-mail: [email protected] web: http://aluigi.altervista.org 1 Introduction 2 Bug 3 The...
BUG IN APACHE HTTPD SERVER (current version 2.0.47)
APACHE HTTPD SERVER current version 2.0.47: How to return files in an Apache Deny All directory. The Directives controlling host access may be bypassed even if they do not have permission to be overridden. 11 Jan 2004 DESCRIPTION Apache Web Server allows managing configurations via the main httpd.conf...
php -- readfile() DoS vulnerability
A SUSE Security advisory reports: A bug in the readfile function of php4 could be used to crash the httpd running the php4 code when accessing files with a multiple of the architecture's page size, leading to a denial of service...
Mephistoles Httpd 0.6.0final XSS
Donato Ferrante Application: Mephistoles Httpd http://sourceforge.net/projects/mephistoles Version: 0.6.0final Bug: cross site scripting Author: Donato Ferrante e-mail: [email protected] web: www.autistici.org/fdonato 1...
Mephistoles Httpd cross-site scripting
No description provided...
Mephistoles HTTPd 0.6 - Cross-Site Scripting
source: https://www.securityfocus.com/bid/9470/info Mephistoles 'httpd' daemon fails to sanitize user-supplied input, making it vulnerable to cross-site scripting attacks. This vulnerability allows an attacker to construct a malicious link containing HTML or script code that may be rendered in a...
Surfboard HTTPd 1.1.9 - Remote Buffer Overflow (PoC)
source: https://www.securityfocus.com/bid/9299/info It has been reported that Surfboard httpd is prone to a remote buffer overflow condition that may allow an attacker to gain unauthorized access to a system running the vulnerable software. The issue presents itself when an attacker sends a...
Apache Httpd < 1.3.31 : mod_digest nonce checking
mod_digest does not properly verify the nonce of a client response by using an AuthNonce secret. This could allow a malicious user who is able to sniff network traffic to conduct a replay attack against a website using Digest protection. Note that mod_digest implements an older version of the MD5...
CVE-2003-0973
Unknown vulnerability in mod_python 3.0.x before 3.0.4, and 2.7.x before 2.7.9, allows remote attackers to cause a denial of service (httpd crash) via a certain query string...
CVE-2003-0973
The CVE-2003-0973 entry describes a denial-of-service in mod_python: affected versions are mod_python 3.0.x before 3.0.4 and 2.7.x before 2.7.9. A remote attacker can crash the Apache httpd by supplying a crafted query string. Public advisories (e.g., Debian DSA-452, Red Hat RHSA-2004:058, and re...
sh-httpd.txt
======================================== INetCop Security Advisory 2003-0x82-019 ======================================== Title: sh-httpd 'wildcard character' vulnerability 0x01. Description About: sh-httpd is a shell script-based Web server that supports GET and HEAD methods, and a CGI 1.1...
CVE-2003-1137
Charles Steinkuehler sh-httpd 0.3 and 0.4 allows remote attackers to read files or execute arbitrary CGI scripts via a GET request that contains an asterisk wildcard character...
sh-httpd shell characters
wildcard metacharacter allows access to any file...