
4991 matches found

OpenVAS
added 2008/08/22 12:0 a.m., 29 views

Apache HTTP Server 'mod_proxy_ftp' Wildcard Characters XSS Vulnerability

Apache HTTP Server is prone to a cross-site scripting vulnerability. SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...

4.3 CVSS | 7.4 AI score | 0.6456 EPSS
Exploits 4 | References 5
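seebug.org
added 2008/08/08 12:0 a.m., 148 views

Apache mod_proxy_ftp Module Wildcard Character Cross-Site Scripting Vulnerability

BUGTRAQ ID: 30560 CVE(CAN) ID: CVE-2008-2939 Apache HTTP Server is a popular web server. If Apache HTTP Server is configured with proxy support (ProxyRequests On in the configuration file) and the mod_proxy_ftp module is enabled to provide FTP-over-HTTP support, then a request containing wildcard characters (“”, “'”, “”, etc.) similar to the following: GET ftp://host/foo HTTP/1.0 results in cross-site scripting in the response returned by mod_proxy_ftp: ... h2Directory of a href="/"ftp://host/a/foo/h...

4.3 CVSS | 7.7 AI score | 0.6456 EPSS
Exploits 4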
Fedora
added 2008/08/07 11:48 p.m., 32 views

[SECURITY] Fedora 9 Update: httpd-2.2.9-1.fc9

The Apache HTTP Server is a powerful, efficient, and extensible web server...

5 CVSS | 1.1 AI score | 0.09814 EPSS
Exploits 4
securityvulns
added 2008/08/07 12:0 a.m., 69 views

Apache HTTP Server mod_proxy_ftp Wildcard Characters Cross-Site Scripting

Rapid7 Advisory R7-0033 Apache HTTP Server mod_proxy_ftp Wildcard Characters Cross-Site Scripting Discovered: July 25, 2008 Published: August 5, 2008 Revision: 1.1 http://www.rapid7.com/advisories/R7-0033 CVE: CVE-2008-2939 1. Affected systems: KNOWN VULNERABLE: o Apache HTTP Server 2.2.9 and earli...

4.3 CVSS | 7.3 AI score | 0.6456 EPSS
Exploits 4
Saint
added 2008/07/30 12:0 a.m., 37 views

Apache Tomcat JK Web Server Connector URI worker map buffer overflow

Added: 07/30/2008 CVE: CVE-2007-0774 BID: 22791 OSVDB: 33855 Background: Apache Tomcat is a Java web application platform which can run under various types of web servers. The JK Web Server Connector mod_jk is used for communication between Tomcat and the web server. Problem: A buffer overflow in a...

7.5 CVSS | 8 AI score | 0.88357 EPSS
Exploits 8
Fedora
added 2008/07/26 6:3 a.m., 50 views

[SECURITY] Fedora 9 Update: php-5.2.6-2.fc9

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated webpages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...

10 CVSS | 0.6 AI score | 0.3769 EPSS
Exploits 4
Prion
added 2008/07/10 5:41 p.m., 23 views

Memory corruption

Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify...

5 CVSS | 6.4 AI score | 0.09814 EPSS
Exploits 2 | References 32 | Affected Software 1
UbuntuCve
added 2008/07/10 5:41 p.m., 32 views

CVE-2008-1678

Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify...

5 CVSS | 6.9 AI score | 0.09814 EPSS
Exploits 2 | References 2
UbuntuCve
added 2008/06/13 6:41 p.m., 35 views

CVE-2008-2364

The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim...

5 CVSS | 7.2 AI score | 0.02213 EPSS
Exploits 2 | References 2
Prion
added 2008/06/13 6:41 p.m., 31 views

Design/Logic Flaw

The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim...

5 CVSS | 6.3 AI score | 0.02213 EPSS
Exploits 2 | References 66 | Affected Software 7
OSV
added 2008/06/13 6:41 p.m., 5 views

CVE-2008-2364

The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim...

7.3 AI score
Exploits 0 | References 78
Cvelist
added 2008/06/13 6:0 p.m., 38 views

CVE-2008-2364

The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim...

7.2 AI score | 0.02213 EPSS
Exploits 2 | References 66
CVE
added 2008/06/13 6:0 p.m., 269 views

CVE-2008-2364

The CVE-2008-2364 entry concerns the Apache HTTP Server mod_proxy, specifically the ap_proxy_http_process_response function in the mod_proxy_http.c file for Apache versions 2.0.63 and 2.2.8. The issue is that it does not cap the number of forwarded interim responses, which can lead to memory exha...

5 CVSS | 7.2 AI score | 0.02213 EPSS
Exploits 2 | References 66 | Affected Software 1
RedHat Linux
added 2008/05/20 2:14 p.m., 1 views

httpd mod_status XSS

Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browser...

4.3 CVSS | 7.3 AI score | 0.18368 EPSS
Exploits 0 | References 4
Prion
added 2008/04/18 3:5 p.m., 20 views

Input validation

Interpretation conflict in PHP Toolkit before 1.0.1 on Gentoo Linux might allow local users to cause a denial of service (PHP outage) and read contents of PHP scripts by creating a file with a one-letter lowercase alphabetic name, which triggers interpretation of a certain unquoted [a-z] argument as ...

3.6 CVSS | 6.8 AI score | 0.00058 EPSS
Exploits 0 | References 4 | Affected Software 1
CVE
added 2008/04/18 3:0 p.m., 52 views

CVE-2008-1734

CVE-2008-1734 affects Gentoo Linux users running the Gentoo PHP Toolkit prior to 1.0.1. The vulnerability arises from an interpretation conflict where an unquoted [a-z] argument can be treated as a shell glob instead of a literal string, allowing local users to cause a Denial of Service (PHP outa...

3.6 CVSS | 6.2 AI score | 0.00058 EPSS
Exploits 0 | References 4 | Affected Software 1
Cvelist
added 2008/04/18 3:0 p.m., 35 views

CVE-2008-1734

Interpretation conflict in PHP Toolkit before 1.0.1 on Gentoo Linux might allow local users to cause a denial of service (PHP outage) and read contents of PHP scripts by creating a file with a one-letter lowercase alphabetic name, which triggers interpretation of a certain unquoted [a-z] argument as ...

6.2 AI score | 0.00058 EPSS
Exploits 0 | References 4
Fedora
added 2008/02/16 2:11 a.m., 35 views

[SECURITY] Fedora 8 Update: httpd-2.2.8-1.fc8

The Apache HTTP Server is a powerful, efficient, and extensible web server...

4.3 CVSS | 1.1 AI score | 0.84619 EPSS
Exploits 5
Fedora
added 2008/02/16 2:8 a.m., 46 views

[SECURITY] Fedora 7 Update: httpd-2.2.8-1.fc7

The Apache HTTP Server is a powerful, efficient, and extensible web server...

5 CVSS | 1.1 AI score | 0.84619 EPSS
Exploits 7
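seebug.org
added 2008/01/26 12:0 a.m., 51 views

Apache mod_negotiation Module HTML Injection and HTTP Response Splitting Vulnerabilities

BUGTRAQ ID: 27409 Apache HTTP Server is a popular web server. Apache's mod_negotiation does not properly filter the file names in the bodies of 406 Not Acceptable responses and 300 Multiple Choices messages, which can lead to cross-site scripting; in addition, because the list of file names is also sent without filtering, HTTP response splitting is possible if a file name contains newline characters. I. Cross-site scripting: Assume the mod_negotiation module is enabled and the attacker can upload files with arbitrary names and MIME extensions, such as a jpeg file with the following name: img src=sa...

6.8 AI score
Exploits 0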