AN HTTPd multiple bugs

Crossite scripting, physical path leakage, special devices access, file corruption...

AN HTTPD 1.x - Count.pl Directory Traversal

source: https://www.securityfocus.com/bid/7397/info AN HTTPd contains a sample script named count.pl that may be used as a web counter. This script does not perform adequate access validation on paths containing directory traversal ../ character seqences. The vulnerable script may be used to...

ANHTTPd.txt

Product Description AN HTTPd is a relatively small, powerful web server designed for Windows systems. It supports ISAPI, CGI, SSI, and several other powerful technologies such as isolated worker processes usually only seen in production servers. More information on AN HTTPd is available at...

Monkey HTTPD buffer overflow

Buffer overflow on POST request...

Apache Httpd < 2.0.46 : APR remote crash

A vulnerability in the aprpsprintf function in the Apache Portable Runtime APR library allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via long strings, as demonstrated using XML objects to moddav, and possibly other vectors...

CVE-2002-1549

Buffer overflow in Light HTTPd lhttpd 0.1 allows remote attackers to execute arbitrary code via a long HTTP GET request...

Light HTTPd 0.1 (Windows) - Remote Buffer Overflow

Buffer overflow in Light HTTPd lhttpd 0.1 allows remote attackers to execute arbitrary code via a long HTTP GET request. Recent assessments: wchen-r7 at September 12, 2019 6:07pm UTC reported: start end module name 00400000 0041a000 lhttpd C:\Documents and Settings\Administrator\My...

Apache Httpd < 1.3.26 : Filtered escape sequences

Apache did not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences...

Apache Httpd < 1.3.31 : Error log escape filtering

Apache does not filter terminal escape sequences from error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences...

Apache Httpd < 2.0.49 : Error log escape filtering

Apache does not filter terminal escape sequences from error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences...

Apache Httpd < 2.0.46 : Filtered escape sequences

Apache did not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences...

AN HTTPD 1.41 e - Cross-Site Scripting

source: https://www.securityfocus.com/bid/6529/info AN HTTPD does not adequately filter HTML code thus making it prone to cross-site scripting attacks. It is possible for a remote attacker to create a malicious link containing script code which will be executed in the browser of a legitimate user...

AN HTTPD 1.41 e - Cross-Site Scripting

AN HTTPD 1.41 e - Cross-Site Scripting source: https://www.securityfocus.com/bid/6529/info AN HTTPD does not adequately filter HTML code thus making it prone to cross-site scripting attacks. It is possible for a remote attacker to create a malicious link containing script code which will be...

AN HTTPd v.1.41e: DoS, CSS, real patch attack

Damage Hacking Group security advisory www.dhgroup.org Product: AN HTTPd server Authors: www.st.rim.or.jp Vulnerability: DoS, CSS, 'real patch' attack Overview-------------------------------------------------------------- This is Japanez http-server for win32-platforms. U can download it from...

CVE-2002-2131

Directory traversal vulnerability in Perl-HTTPd before 1.0.2 allows remote attackers to view arbitrary files via a .. dot dot in an unknown argument...

CVE-2002-1930

Buffer overflow in AN HTTPd 1.38 through 1.4.1c allows remote attackers to execute arbitrary code via a SOCKS4 request with a long username...

Perl-HTTPd File Disclosure Vulnerability

Description It has been reported that Perl-HTTPd fails to properly sanitize some web requests. By exploiting this issue, an attacker is able to traverse outside of the established web root by using dot-dot-slash ../ directory traversal sequences. An attacker may be able to obtain any web server...

Apache Httpd < 2.0.44 : MS-DOS device name filtering

On Windows platforms Apache did not correctly filter MS-DOS device names which could lead to denial of service attacks or remote code execution...

Null httpd Content-Length Header Handling Remote Overflow

The NullLogic Null HTTPd web server crashed when sent an invalid POST HTTP request with a negative Content-Length field. An attacker may exploit this flaw to disable your service or even execute arbitrary code on your system. C Tenable Network Security, Inc. References: Date: Sun, 22 Sep 2002...

Null HTTPd 0.5 - Remote Heap Corruption

Null HTTPd 0.5 - Remote Heap Corruption // source: https://www.securityfocus.com/bid/6255/info A heap corruption vulnerability has been discovered in Null httpd. By passing a small content length value to the server and triggering the server to make a second recv of POST data, it is possible to...