Moderate: Red Hat Security Advisory: httpd security update

Updated Apache httpd packages that fix several security issues are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular Web server. A flaw was found in the modimap...

RHEL 3 : httpd (RHSA-2008:0005)

Updated Apache httpd packages that fix several security issues are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular Web server. A flaw was found in the modimap...

Apache HTTP Server 2.2.6, 2.0.61和1.3.39 'mod_status'跨站脚本漏洞

BUGTRAQ ID: 27237 CVE ID:CVE-2007-6388 CNCVE ID:CNCVE-20076388 Apache HTTP Server是一款开放源码的WEB服务程序。 Apache HTTP Server包含的modstatus模块存在输入验证问题，远程攻击者可以利用漏洞进行跨站脚本攻击，可能获得目标用户敏感信息。 server-status页默认不启用。目前没有详细漏洞细节提供。 Posadis Posadis 1.3.31 Posadis Posadis 1.3.28 Apache Software Foundation Apache 2.2.6 Apac...

Apache 'mod_proxy_ftp'未定义字符集UTF-7跨站脚本漏洞

BUGTRAQ ID: 27234 CVE ID:CVE-2008-0005 CNCVE ID:CNCVE-20080005 Apache HTTP Server是一款开放源码的WEB服务程序。 Apache HTTP Server包含的modproxyftp模块存在输入验证问题，远程攻击者可以利用漏洞进行跨站脚本攻击，可能获得目标用户敏感信息。 modproxyftp.c存在跨站脚本问题，字符集没有定义，我们可以通过设置字符集未UTF-7，在URL中使用";"字符进行跨站脚本攻击。 Apache Software Foundation Apache 2.2.6 Apache...

Apache 'mod_proxy_balancer'存在多个漏洞

BUGTRAQ ID: 27236 CVE ID:CVE-2007-6420 CVE-2007-6421 CVE-2007-6422 CVE-2007-6423 CNCVE ID:CNCVE-20076420 CNCVE-20076421 CNCVE-20076422 CNCVE-20076423 Apache HTTP Server是一款开放源码的WEB服务程序。 Apache HTTP Server包含的modproxybalancer模块存在输入验证问题，远程攻击者可以利用漏洞进行跨站脚本，CSRF，拒绝服务等攻击。 1，由于所有行为通过GET访问执行，存在“CSRF”攻击。...

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in the balancer-manager in modproxybalancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors...

Memory corruption

Unspecified vulnerability in modproxybalancer for Apache HTTP Server 2.2.x before 2.2.7-dev, when running on Windows, allows remote attackers to trigger memory corruption via a long URL. NOTE: the vendor could not reproduce this issue...

CVE-2007-6420

Cross-site request forgery CSRF vulnerability in the balancer-manager in modproxybalancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors...

CVE-2007-6420

Cross-site request forgery CSRF vulnerability in the balancer-manager in modproxybalancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors...

CVE-2007-6420

Cross-site request forgery CSRF vulnerability in the balancer-manager in modproxybalancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors...

CVE-2007-6423

Unspecified vulnerability in modproxybalancer for Apache HTTP Server 2.2.x before 2.2.7-dev, when running on Windows, allows remote attackers to trigger memory corruption via a long URL. NOTE: the vendor could not reproduce this issue...

CVE-2007-6423

The CVE-2007-6423 issue concerns Apache HTTP Server 2.2.x on Windows, where mod_proxy_balancer could trigger memory corruption through a long URL. The Red Hat advisory notes the vulnerability as unspecified and unreproducible by the vendor, while Red Hat indicates that Apache 2.2.7-dev contains a...

CVE-2007-6423

Unspecified vulnerability in modproxybalancer for Apache HTTP Server 2.2.x before 2.2.7-dev, when running on Windows, allows remote attackers to trigger memory corruption via a long URL. NOTE: the vendor could not reproduce this issue...

Apache mod_imagemap和mod_imap模块跨站脚本漏洞

BUGTRAQ ID: 26838 CVECAN ID: CVE-2007-5000 Apache HTTP Server是一款流行的Web服务器。 Apache的modimagemap和modimap模块中没有正确地过滤某些用户输入，允许远程攻击者提交恶意的HTTP请求执行跨站脚本攻击。 Apache Group Apache 2.2.0 - 2.2.6 Apache Group Apache 2.0.35 - 2.0.61 Apache Group Apache 1.3.0 - 1.3.39 Apache Group ------------...

CVE-2007-6421

Cross-site scripting XSS vulnerability in balancer-manager in modproxybalancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the 1 ss, 2 wr, or 3 rr parameters, or 4 the URL...

CVE-2007-6421

Cross-site scripting XSS vulnerability in balancer-manager in modproxybalancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the 1 ss, 2 wr, or 3 rr parameters, or 4 the URL...

DEBIAN-CVE-2007-6421

Cross-site scripting XSS vulnerability in balancer-manager in modproxybalancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the 1 ss, 2 wr, or 3 rr parameters, or 4 the URL...

CVE-2007-6421

Cross-site scripting XSS vulnerability in balancer-manager in modproxybalancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the 1 ss, 2 wr, or 3 rr parameters, or 4 the URL...

CVE-2007-6421

Cross-site scripting XSS vulnerability in balancer-manager in modproxybalancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the 1 ss, 2 wr, or 3 rr parameters, or 4 the URL...

CVE-2007-6422

The balancerhandler function in modproxybalancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service child process crash via an invalid bb variable...