4991 matches found
EUVD-2006-5736
Cross-site scripting XSS vulnerability in modstatus.c in the modstatus module in Apache HTTP Server httpd, when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browser...
CVE-2006-5752
CVE-2006-5752 is a cross-site scripting (XSS) vulnerability in the Apache HTTP Server mod_status component when ExtendedStatus is enabled and a public server-status page is used. The issue arises via browsers performing charset detection when the content-type is not specified, allowing remote att...
CVE-2006-5752
Cross-site scripting XSS vulnerability in modstatus.c in the modstatus module in Apache HTTP Server httpd, when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browser...
httpd, mod_ssl security update
CentOS Errata and Security Advisory CESA-2007:0533 Updated Apache httpd packages that correct two security issues and two bugs are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP...
Moderate: Red Hat Security Advisory: httpd security update
Updated Apache httpd packages that correct two security issues and two bugs are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular Web server. A flaw was found in th...
httpd, mod_ssl security update
CentOS Errata and Security Advisory CESA-2007:0556 Updated Apache httpd packages that correct three security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a...
httpd, mod_ssl security update
CentOS Errata and Security Advisory CESA-2007:0534 Updated Apache httpd packages that correct two security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a...
CentOS 4 : httpd (CESA-2007:0534)
Updated Apache httpd packages that correct two security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular Web server. A flaw was found in the Apache HTTP...
Moderate: Red Hat Security Advisory: httpd security update
Updated Apache httpd packages that correct three security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular Web server. The Apache HTTP Server did not...
Apache mod_rewrite LDAP URL buffer overflow
Added: 06/22/2007 CVE: CVE-2006-3747 BID: 19204 OSVDB: 27588 Background modrewrite is an Apache module which allows rule-based modification of URL requests. Problem An off-by-one buffer overflow vulnerability in modrewrite allows command execution when the escapeabsoluteuri function attempts to...
Apache mod_rewrite LDAP URL buffer overflow
Added: 06/22/2007 CVE: CVE-2006-3747 BID: 19204 OSVDB: 27588 Background modrewrite is an Apache module which allows rule-based modification of URL requests. Problem An off-by-one buffer overflow vulnerability in modrewrite allows command execution when the escapeabsoluteuri function attempts to...
Apache mod_rewrite LDAP URL buffer overflow
Added: 06/22/2007 CVE: CVE-2006-3747 BID: 19204 OSVDB: 27588 Background modrewrite is an Apache module which allows rule-based modification of URL requests. Problem An off-by-one buffer overflow vulnerability in modrewrite allows command execution when the escapeabsoluteuri function attempts to...
mod_perl security update
CentOS Errata and Security Advisory CESA-2007:0486-01 Updated modperl packages that fix a security issue are now available for Red Hat Enterprise Linux 2.1. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Modperl incorporates a Perl interpreter...
Important: Red Hat Security Advisory: mod_jk security update
Updated modjk packages that fix a security issue are now available for Red Hat Application Stack v1.1. This update has been rated as having Important security impact by the Red Hat Security Response Team. modjk is a Tomcat connector that can be used to communicate between Tomcat and the Apache HT...
Important: Red Hat Security Advisory: mod_jk security update
Updated modjk packages that fix a security issue are now available for Red Hat Application Server. This update has been rated as having Important security impact by the Red Hat Security Response Team. modjk is a Tomcat connector that can be used to communicate between Tomcat and the Apache HTTP...
[SECURITY] Fedora Core 6 Update: php-5.1.6-3.6.fc6
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated webpages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...
tomcat directory traversal
Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules modproxy, modrewrite, modjk, allows remote attackers to read arbitrary files via a .. dot dot sequence with combinations of 1 "/" slash, 2 "" backslash, and...
[SECURITY] Fedora Core 6 Update: php-5.1.6-3.5.fc6
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated webpages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...
CVE-2007-1743
suexec in Apache HTTP Server httpd 2.2.3 does not verify combinations of user and group IDs on the command line, which might allow local users to leverage other vulnerabilities to create arbitrary UID/GID owned files if /proc is mounted. NOTE: the researcher, who is reliable, claims that the vend...
CVE-2007-1743
suexec in Apache HTTP Server httpd 2.2.3 does not verify combinations of user and group IDs on the command line, which might allow local users to leverage other vulnerabilities to create arbitrary UID/GID owned files if /proc is mounted. NOTE: the researcher, who is reliable, claims that the vend...