5765 matches found
Apache Httpd < 1.3.19 : Requests can cause directory listing to be displayed
The default installation can lead modnegotiation and moddir or modautoindex to display a directory listing instead of the multiview index.html file if a very long path was created artificially by using many slashes...
WhitSoft SlimServe HTTPd 1.1 - 'GET' Denial of Service
source: https://www.securityfocus.com/bid/2451/info SlimServe HTTPd is a free HTTP Daemon maintained by WhitSoft Development. SlimServe is designed to provide basic HTTP services on the Microsoft Windows platform. A problem in the handling of HTTP GET requests could allow a remote user to deny...
WhitSoft SlimServe HTTPd 1.1 - GET Denial of Service
WhitSoft SlimServe HTTPd 1.1 - GET Denial of Service source: https://www.securityfocus.com/bid/2451/info SlimServe HTTPd is a free HTTP Daemon maintained by WhitSoft Development. SlimServe is designed to provide basic HTTP services on the Microsoft Windows platform. A problem in the handling of...
A1 Server v1.0a HTTPd (DoS & Dir Traversal)
Introduction: A1 Server v1.0a is a HTTPd server for the Windows OS, and it will deliver the following content: GIF impages, HTM or HTML pages, EXE files, and ZIP files. The server is very small, but yet somewhat stable and is freeware! Yeah. right The Vendors website is:...
DoS против sedum httpd (flood)
БОльшое количество данных в порт http tcp/80 приводит к краху сервера...
DOS Vulnerability in SlimServe HTTPd
DOS Vulnerability in SlimServe HTTPd Overview SlimServe HTTPd v1.0 is a web server available from http://www.whitsoftdev.com and http://www.download.com. A DOS vulnerability exists which allows a remote attacker to crash the server. Details If an extraoridinarily long string of 'A's is sent to th...
Leif M. Wright - ad.cgi 1.0 Unchecked Input
Leif M. Wright - ad.cgi 1.0 Unchecked Input source: https://www.securityfocus.com/bid/2103/info ad.cgi is an ad rotation script freely available, and written by Leif Wright. A problem exists in the script which may allow access to restricted resources. The problem occurs in the method in which th...
CVE-2000-1078
CVE-2000-1078 affects the ICQ Web Front HTTPd. A remote attacker can cause a denial of service by requesting a URL that contains a "?" character. The CVE is corroborated by NVD: ICQ Web Front HTTPd denial of service via a URL with a question mark. Nessus mentions a specific DoS payload involving ...
Apache Httpd < 1.3.14 : Mass virtual hosting can display CGI source
A security problem for users of the mass virtual hosting module, modvhostalias, causes the source to a CGI to be sent if the cgi-bin directory is under the document root. However, it is not normal to have your cgi-bin directory under a document root...
Apache Httpd < 1.3.14 : Rewrite rules that include references allow access to any file
The Rewrite module, modrewrite, can allow access to any file on the web server. The vulnerability occurs only with certain specific cases of using regular expression references in RewriteRule directives: If the destination of a RewriteRule contains regular expression references then an attacker...
Apache Httpd < 1.3.14 : Requests can cause directory listing to be displayed on NT
A security hole on Apache for Windows allows a user to view the listing of a directory instead of the default HTML page by sending a carefully constructed request...
bohttpd.vulnerability.txt
===================================================== Brown Orifice HTTPD Directory Traversal Vulnerability ===================================================== Background ---------- Brown Orifice HTTPD BOHTTPD is "a web server and file sharing tool" that runs as a Java Applet in Netscape...
Brown Orifice HTTPD Directory Traversal Vulnerability (was Re: Dangerous Java/Netscape Security Hole)
===================================================== Brown Orifice HTTPD Directory Traversal Vulnerability ===================================================== Background ---------- Brown Orifice HTTPD BOHTTPD http://www.brumleve.com/BrownOrifice/ is "a web server and file sharing tool" that ru...
Apache Httpd < 1.3.12 : Cross-site scripting can reveal private session information
Apache was vulnerable to cross site scripting issues. It was shown that malicious HTML tags can be embedded in client web requests if the server or script handling the request does not carefully encode all information displayed to the user. Using these vulnerabilities attackers could, for example...
CVE-2000-0079
The CVE-2000-0079 entry concerns CERN httpd's path disclosure vulnerability. Public sources in connected documents indicate that remote attackers could determine the real pathnames of certain commands by requesting a nonexistent URL, with additional details from Nessus showing an information-disc...
Apache Httpd < 1.3.11 : Mass virtual hosting security issue
A security problem can occur for sites using mass name-based virtual hosting using the new modvhostalias module or with special modrewrite rules...
CERN httpd Virtual Web Path Disclosure
The remote host appears to be running CERN httpd. It was possible to get the physical location of a virtual web directory by issuing the request : GET /cgi-bin/ls HTTP/1.0 A remote attacker could use this information to mount further attacks. C Tenable Network Security, Inc. include"compat.inc";...
CVE-1999-0947
AN-HTTPd provides example CGI scripts test.bat, input.bat, input2.bat, and envout.bat, which allow remote attackers to execute commands via shell metacharacters...
CVE-1999-0947
AN-HTTPd server is affected by a remote command execution risk due to default CGI scripts test.bat, input.bat, input2.bat, and ssi/envout.bat that allow shell metacharacters. Exploitation would enable an attacker to run arbitrary commands on the remote host. The vulnerability details are drawn fr...
Netscape FastTrack Server 2.0.1a - GET Buffer Overflow
// source: https://www.securityfocus.com/bid/908/info The version of Netscape FastTrack server that ships with UnixWare 7.1 is vulnerable to a remote buffer overlow. By default, the httpd listens on port 457 of the UnixWare host and serves documentation via http. If you pass the server a GET...