CVE-2026-28808 ScriptAlias CGI targets bypass directory auth in inets httpd (mod_auth vs mod_cgi path mismatch)

Incorrect Authorization vulnerability in Erlang OTP inets modules allows unauthenticated access to CGI scripts protected by directory rules when served via scriptalias. When scriptalias maps a URL prefix to a directory outside DocumentRoot, modauth evaluates directory-based access controls agains...

EUVD-1999-0236

Malware in sbrugna...

CVE-1999-0236

ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs...

Exploit for Path Traversal in Apache Http_Server

RCE exploit both for Apache 2.4.49 CVE-2021-41773 and 2.4.5...

ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs.

...

NCSA 1.3/1.4.x/1.5,Apache httpd 0.8.11/0.8.14 ScriptAlias Source Retrieval Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/2300/info NSCA httpd prior to and including 1.5 and Apache Web Server prior to 1.0 contain a bug in the ScriptAlias function that allows remote users to view the source of CGI programs on the web server, if a ScriptAlias...

CVE-2013-4878

The default configuration of Parallels Plesk Panel 9.0.x and 9.2.x on UNIX, and Small Business Panel 10.x on UNIX, has an improper ScriptAlias directive for phppath, which makes it easier for remote attackers to execute arbitrary code via a crafted request, a different vulnerability than...

Default configuration

The default configuration of Parallels Plesk Panel 9.0.x and 9.2.x on UNIX, and Small Business Panel 10.x on UNIX, has an improper ScriptAlias directive for phppath, which makes it easier for remote attackers to execute arbitrary code via a crafted request, a different vulnerability than...

CVE-2013-4878

CVE-2013-4878 affects Parallels Plesk Panel 9.0.x–9.2.x on UNIX and Small Business Panel 10.x on UNIX, due to an improper ScriptAlias directive for phppath that enables remote code execution via crafted requests. Affected versions expose code execution under the web server user; exploitation reli...

CVE-2013-4878

The default configuration of Parallels Plesk Panel 9.0.x and 9.2.x on UNIX, and Small Business Panel 10.x on UNIX, has an improper ScriptAlias directive for phppath, which makes it easier for remote attackers to execute arbitrary code via a crafted request, a different vulnerability than...

VulnCheck KEV: CVE-2013-4878

The default configuration of Parallels Plesk Panel 9.0.x and 9.2.x on UNIX, and Small Business Panel 10.x on UNIX, has an improper ScriptAlias directive for phppath, which makes it easier for remote attackers to execute arbitrary code via a crafted request, a different vulnerability than...

CVE-2006-4110

Apache 2.2.2, when running on Windows, allows remote attackers to read source code of CGI programs via a request that contains uppercase or alternate case characters that bypass the case-sensitive ScriptAlias directive, but allow access to the file on case-insensitive file systems...

CVE-2006-4110

Apache 2.2.2, when running on Windows, allows remote attackers to read source code of CGI programs via a request that contains uppercase or alternate case characters that bypass the case-sensitive ScriptAlias directive, but allow access to the file on case-insensitive file systems...

CVE-2002-2029

CVE-2002-2029 affects PHP on Windows with Apache when ScriptAlias /php/ is set to c:/php/. A remote attacker can read arbitrary files and potentially execute arbitrary programs by requesting php.exe with a filename in the query string. Root cause is a configuration vulnerability enabling direct e...

CVE-1999-0236

The CVE-1999-0236 entry describes a vulnerability in the ScriptAlias directory handling in NCSA and Apache httpd that allowed attackers to read CGI programs. Affected software is the Apache httpd family utilizing ScriptAlias configuration; the underlying issue is directory handling enabling discl...

CVE-1999-0236

ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs...

NCSA 1.31.4.x1.5 Apache HTTPd 0.8.110.8.14 - ScriptAlias Source Retrieval

NCSA 1.31.4.x1.5 Apache HTTPd 0.8.110.8.14 - ScriptAlias Source Retrieval source: https://www.securityfocus.com/bid/2300/info NSCA httpd prior to and including 1.5 and Apache Web Server prior to 1.0 contain a bug in the ScriptAlias function that allows remote users to view the source of CGI...

NCSA 1.3/1.4.x/1.5 / Apache HTTPd 0.8.11/0.8.14 - ScriptAlias Source Retrieval

source: https://www.securityfocus.com/bid/2300/info NSCA httpd prior to and including 1.5 and Apache Web Server prior to 1.0 contain a bug in the ScriptAlias function that allows remote users to view the source of CGI programs on the web server, if a ScriptAlias directory is defined under...

CVE-1999-0236

ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs...

PT-1997-1103 · Apache · Apache Httpd

Name of the Vulnerable Software and Affected Versions: Apache httpd affected versions not specified Description: The issue allows attackers to read CGI programs due to a problem with the ScriptAlias directory in NCSA and Apache httpd. Recommendations: At the moment, there is no information about ...