Apache Httpd < 2.0.36 : Warning messages could be displayed to users

In some cases warning messages could get returned to end users in addition to being recorded in the error log. This could reveal the path to a CGI script for example, a minor security exposure...

apache + .htpasswd - bypass pwd check

Hi yesterday I managed to bypass the pwd check when using .htpasswd. The problem now is that Im not sure how to secure it. Okej let say that user ivan have protected his /home/ivan/publichtml/topsecret directory. And on the samer server we have the user johan, from his publichtml directory we mak...

Buffer overflo in TUX HTTPD and SYN Cookie protection bypass

Buffer overflow on long HTTP HOST header. By using Syncookie it's possible to bypass packet filtering...

BPM Studio Pro 4.2 - HTTPd Directory Traversal

source: https://www.securityfocus.com/bid/4198/info BPM Studio Pro is a shareware MP3 mixer and player. It runs on Microsoft Windows operating systems. BPM Studio Pro includes a HTTP server for managing the player via a web interface. The BPM Studio Pro HTTPD does not adequately filter...

Apache 1.3 - Artificially Long Slash Path Directory Listing (2)

Apache 1.3 - Artificially Long Slash Path Directory Listing 2 // source: https://www.securityfocus.com/bid/2503/info Apache HTTPD is the Apache Web Server, freely distributed and actively maintained by the Apache Software Foundation. It is a freely available and widely used software package,...

Apache 1.3 - Artificially Long Slash Path Directory Listing (2)

// source: https://www.securityfocus.com/bid/2503/info Apache HTTPD is the Apache Web Server, freely distributed and actively maintained by the Apache Software Foundation. It is a freely available and widely used software package, included with various implementations of the UNIX operating system...

Apache Httpd < 1.3.24 : Win32 Apache Remote command execution

Apache for Win32 before 1.3.24 and 2.0.34-beta allows remote attackers to execute arbitrary commands via parameters passed to batch file CGI scripts...

[AP] awhttpd v2.2 local DoS

-- ------------------------- -- - AngryPacket Security Advisory - -- ------------------------- -- - +--------------------- -- - + advisory information +------------------ -- - author: methodic [email protected] release date: 01/03/2002 homepage: http://sec.angrypacket.com...

Anti-Web HTTPd 2.2 Script - Engine File Opening Denial of Service

Anti-Web HTTPd 2.2 Script - Engine File Opening Denial of Service source: https://www.securityfocus.com/bid/3782/info Anti-Web HTTPD is a freely available, open source web server designed for use on the Linux platform. It is maintained by Doug Hoyte. Under certain circumstances awhttpd reacts...

Anti-Web HTTPd 2.2 Script - Engine File Opening Denial of Service

source: https://www.securityfocus.com/bid/3782/info Anti-Web HTTPD is a freely available, open source web server designed for use on the Linux platform. It is maintained by Doug Hoyte. Under certain circumstances awhttpd reacts unpredictably. When a script is executed that opens a file that does...

Apache Httpd < 1.3.27 : Shared memory permissions lead to local privilege escalation

The permissions of the shared memory used for the scoreboard allows an attacker who can execute under the Apache UID to send a signal to any process as root or cause a local denial of service attack...

RH Linux Tux HTTPD DoS

TUX HTTPD Denial of Service Condition ============================= Background: ------------- Tux is a Kernel-Space HTTP server coded for optimal performance IRQ Affinity,HTTP compression, direct scatter-gather DMA etc. It is meant to be used as the main HTTP server for static objects with reques...

Apache Httpd < 1.3.22 : Multiviews can cause a directory listing to be displayed

A vulnerability was found when Multiviews are used to negotiate the directory index. In some configurations, requesting a URI with a QUERYSTRING of M=D could return a directory listing rather than the expected index page...

Apache Httpd < 1.3.22 : split-logfile can cause arbitrary log files to be written to

A vulnerability was found in the split-logfile support program. A request with a specially crafted Host: header could allow any file with a .log extension on the system to be written to...

Apache Httpd < 1.3.22 : Requests can cause directory listing to be displayed

A vulnerability was found in the Win32 port of Apache 1.3.20. A client submitting a very long URI could cause a directory listing to be returned rather than the default index page...

Squid httpd acceleration acl bug enables portscanning

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Security Advisory: NASR-2001-001 [email protected] Date: 18 July 2001 Summary: Squid can be used to proxy and also portscan if set up as a httpd accelerator reverse proxy. Versions Affected: 2.3STABLE3 and 2.3STABLE4 unpatched This includes the RedHa...

Squid Web Proxy 2.3 - Reverse Proxy

source: https://www.securityfocus.com/bid/3062/info Squid is a free client-side web proxy that retrieves cached web pages for quick browsers and a reduction in bandwidth consumption. Squid servers, when configured as an "HTTP accelerator only", may allow remote attackers to use them as port...

CVE-2001-0454

Directory traversal vulnerability in SlimServe HTTPd 1.1a allows remote attackers to read arbitrary files via a ... modified dot dot in the HTTP request...

Apache 1.3 - Artificially Long Slash Path Directory Listing (3)

Apache 1.3 - Artificially Long Slash Path Directory Listing 3 source: https://www.securityfocus.com/bid/2503/info Apache HTTPD is the Apache Web Server, freely distributed and actively maintained by the Apache Software Foundation. It is a freely available and widely used software package, include...

Apache 1.3 - Artificially Long Slash Path Directory Listing (3)

source: https://www.securityfocus.com/bid/2503/info Apache HTTPD is the Apache Web Server, freely distributed and actively maintained by the Apache Software Foundation. It is a freely available and widely used software package, included with various implementations of the UNIX operating system an...