5741 matches found
SH-HTTPD 0.30.4 - Character Filtering Remote Information Disclosure
SH-HTTPD 0.30.4 - Character Filtering Remote Information Disclosure source: https://www.securityfocus.com/bid/8897/info A problem has been identified in the handling of some characters by sh-httpd. Because of this, an attacker may be able to gain unauthorized access to information. GET GET...
[Full-Disclosure] sh-httpd `wildcard character' vulnerability
======================================== INetCop Security Advisory 2003-0x82-019 ======================================== Title: sh-httpd `wildcard character' vulnerability 0x01. Description About: sh-httpd is a shell script-based Web server that supports GET and HEAD methods, and a CGI 1.1...
Apache Httpd < 1.3.31 : Allow/Deny parsing on big-endian 64-bit platforms
A bug in the parsing of Allow/Deny rules using IP addresses without a netmask on big-endian 64-bit platforms causes the rules to fail to match...
NullLogic Null HTTPd 0.5 - Remote Denial of Service
source: https://www.securityfocus.com/bid/8697/info Null HTTPd has been reported prone to a remotely triggered denial of service vulnerability. The issue has been reported to present itself in the HTTP POST handling routines within the Null HTTPd server. It has been reported that a remote attacke...
NullLogic Null HTTPd 0.5 - Remote Denial of Service
NullLogic Null HTTPd 0.5 - Remote Denial of Service source: https://www.securityfocus.com/bid/8697/info Null HTTPd has been reported prone to a remotely triggered denial of service vulnerability. The issue has been reported to present itself in the HTTP POST handling routines within the Null HTTP...
NullLogic Null HTTPd 0.5.1 - Error Page Long HTTP Request Cross-Site Scripting
NullLogic Null HTTPd 0.5.1 - Error Page Long HTTP Request Cross-Site Scripting source: https://www.securityfocus.com/bid/8695/info It has been reported that Null HTTPd is prone to a cross-site scripting vulnerability when displaying error pages that may allow an attacker to execute HTML or script...
NullLogic Null HTTPd 0.5.1 - Error Page Long HTTP Request Cross-Site Scripting
source: https://www.securityfocus.com/bid/8695/info It has been reported that Null HTTPd is prone to a cross-site scripting vulnerability when displaying error pages that may allow an attacker to execute HTML or script code in a user's browser. The issue was previously reported and fixed BID 5603...
Moderate: Red Hat Security Advisory: : Updated httpd packages fix Apache security vulnerabilities
Updated httpd packages that fix several minor security issues are now available for Red Hat Linux 8.0 and 9. The Apache HTTP server is a powerful, full-featured, efficient, and freely-available Web server. Ben Laurie found a bug in the optional renegotiation code in mod_ssl included with Apache 2...
Apache Httpd < 1.3.29 : Local configuration regular expression overflow
By using a regular expression with more than 9 captures a buffer overflow can occur in mod_alias or mod_rewrite. To exploit this an attacker would need to be able to create a carefully crafted configuration file (.htaccess or httpd.conf)...
Apache Httpd < 2.0.48 : Local configuration regular expression overflow
By using a regular expression with more than 9 captures a buffer overflow can occur in mod_alias or mod_rewrite. To exploit this an attacker would need to be able to create a carefully crafted configuration file (.htaccess or httpd.conf)...
Apache Httpd < 1.3.28 : RotateLogs DoS
The rotatelogs support program on Win32 and OS/2 would quit logging and exit if it received special control characters such as 0x1A...
Apache Httpd < 2.0.47 : Remote DoS with multiple Listen directives
In a server with multiple listening sockets a certain error returned by accept() on a rarely accessed port can cause a temporary denial of service, due to a bug in the prefork MPM...
Apache Httpd < 2.0.47 : Remote DoS via IPv6 ftp proxy
When a client requests that proxy ftp connect to an FTP server with an IPv6 address, and the proxy is unable to create an IPv6 socket, an infinite loop occurs causing a remote Denial of Service...
Directory traversal vulnerability on Xoops/E-xoops CMS module "tutorials"
An attacker can use this flaw to execute arbitrary code of his choice on the remote system, run with the privileges of httpd. The code can be written in any scripting language whose parser is run in the remote system in cooperation with httpd, whether as module or executable. Details: This...
Apache Httpd < 1.3.32 : mod_proxy buffer overflow
A buffer overflow was found in the Apache proxy module, mod_proxy, which can be triggered by receiving an invalid Content-Length header. In order to exploit this issue an attacker would need to get an Apache installation that was configured as a proxy to connect to a malicious site. This would cau...
Apache Httpd < 2.0.46 : OS2 device name DoS
Apache on OS2 up to and including Apache 2.0.45 has a Denial of Service vulnerability caused by device names...
Important: Red Hat Security Advisory: : Updated mod_auth_any packages available
Updated mod_auth_any packages are now available for Red Hat Linux. mod_auth_any is a Web server module that allows the Apache httpd server to call arbitrary external programs to verify user passwords. Vulnerabilities have been found in the way mod_auth_any escapes shell arguments when calling external...
Apache Httpd < 2.0.47 : mod_ssl renegotiation issue
A bug in the optional renegotiation code in mod_ssl included with Apache httpd can cause cipher suite restrictions to be ignored. This is triggered if optional renegotiation is used (SSLOptions +OptRenegotiate) along with verification of client certificates and a change to the cipher suite over the...
Apache Httpd < 2.0.46 : Basic Authentication DoS
A build system problem in Apache 2.0.40 through 2.0.45 allows remote attackers to cause a denial of access to authenticated content when a threaded server is used...
AN HTTPd Sample Script File Truncation
Product Description AN HTTPd is a relatively small, powerful web server designed for Windows systems. It supports ISAPI, CGI, SSI, and several other powerful technologies such as isolated worker processes usually only seen in production servers. More information on AN HTTPd is available at...