5747 matches found
Apache HTTP Server Auth Module SQL Insertion Attack
This plugin checks whether the web server is using Apache Auth modules which are known to be vulnerable to SQL insertion attacks. SPDX-FileCopyrightText: 2001 Matt Moore Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...
Apache HTTP Server 'mod_ssl' Off By One Vulnerability
The remote host is using a version of modssl which is older than 2.8.10. This version is vulnerable to an off by one buffer overflow which may allow a user with write access to .htaccess files to execute arbitrary code on the system with permissions of the web server. SPDX-FileCopyrightText: 2002...
apache -- mod_imap cross-site scripting flaw
The Apache HTTP Server Project reports: A flaw in modimap when using the Referer directive with image maps. In certain site configurations a remote attacker could perform a cross-site scripting attack if a victim can be forced to visit a malicious URL using certain web browsers...
Apache, mod_ssl: Multiple vulnerabilities
Background The Apache HTTP server is one of the most popular web servers on the Internet. modssl provides SSL v2/v3 and TLS v1 support for Apache 1.3 and is also included in Apache 2. Description modssl contains a security issue when "SSLVerifyClient optional" is configured in the global virtual...
httpd, mod_ssl security update
CentOS Errata and Security Advisory CESA-2005:608 Updated Apache httpd packages that correct two security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The Apache HTTP Server is ...
Important: Red Hat Security Advisory: httpd security update
Updated Apache httpd packages that correct two security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular and freely-available Web server. A flaw...
CVE-2004-2343
Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess file restrictions, as specified in httpd.conf with directives such as Deny From All, by using an ErrorDocument directive. NOTE: the vendor has disputed this issue, since the .htaccess mechanism is only intended to restri...
Fedora Core 3 : httpd-2.0.53-3.2 (2005-638)
This update includes version 2.0.53 of the Apache HTTP server, and also adds security fixes for CVE-2005-2088 and CVE-2005-1268. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clea...
Moderate: Red Hat Security Advisory: httpd security update
Updated Apache httpd packages to correct two security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a powerful, full-featured, efficient, and...
CVE-2005-2088
The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Lengt...
PT-2005-3030 · Apache +2 · Apache Http Server +2
Name of the Vulnerable Software and Affected Versions: Apache HTTP server versions 1.3.x through 1.3.33 Apache HTTP server versions 2.0.x through 2.0.54 Description: A flaw occurs when using the Apache server as an HTTP proxy. A remote attacker could send an HTTP request with both a...
HP-UX PHSS_29893 : HPSBUX0310-284 SSRT3622 rev.3 HP-UX Apache HTTP Server Denial of Service,unauthorized access
s700800 11.04 Virtualvault 4.6 IWS update : Potential Apache HTTP server vulnerabilities have been reported: CVE-2003-0545 CVE-2003-0543 CVE-2003-0544 CERT VU935264 CERT VU255484 CERT VU255484 CERT VU686224 CERT VU732952 CERT VU104280 http://www.openssl.org/news/secadv/20030930.txt. %NASLMINLEVEL...
HP-UX PHSS_32363 : s700_800 11.04 Webproxy server 2.0 update
s700800 11.04 Webproxy server 2.0 update : Two security vulnerabilities have been reported in Apache HTTP server http://httpd.apache.org/ versions prior to Apache 1.3.33 that may allow a Denial of Service DoS attack and execution of arbitrarty code. %NASLMINLEVEL 70300 C Tenable Network Security,...
HP-UX PHSS_30057 : HPSBUX0310-284 SSRT3622 rev.3 HP-UX Apache HTTP Server Denial of Service,unauthorized access
s700800 11.04 Virtualvault 4.7 TGP update : Potential Apache HTTP server vulnerabilities have been reported: CVE-2003-0545 CVE-2003-0543 CVE-2003-0544 CERT VU935264 CERT VU255484 CERT VU255484 CERT VU686224 CERT VU732952 CERT VU104280 http://www.openssl.org/news/secadv/20030930.txt. %NASLMINLEVEL...
HP-UX PHSS_32140 : s700_800 11.04 Virtualvault 4.7 IWS update
s700800 11.04 Virtualvault 4.7 IWS update : Two security vulnerabilities have been reported in Apache HTTP server http://httpd.apache.org/ versions prior to Apache 1.3.33 that may allow a Denial of Service DoS attack and execution of arbitrarty code. %NASLMINLEVEL 70300 C Tenable Network Security...
HP-UX PHSS_29690 : HPSBUX0310-284 SSRT3622 rev.3 HP-UX Apache HTTP Server Denial of Service,unauthorized access
s700800 11.04 Virtualvault 4.5 OWS update : Potential Apache HTTP server vulnerabilities have been reported: CVE-2003-0545 CVE-2003-0543 CVE-2003-0544 CERT VU935264 CERT VU255484 CERT VU255484 CERT VU686224 CERT VU732952 CERT VU104280 http://www.openssl.org/news/secadv/20030930.txt. %NASLMINLEVEL...
CVE-2004-2343
Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess file restrictions, as specified in httpd.conf with directives such as Deny From All, by using an ErrorDocument directive. NOTE: the vendor has disputed this issue, since the .htaccess mechanism is only intended to restri...
Moderate: Red Hat Security Advisory: apache, mod_ssl security update for Stronghold
Updated versions of cross-platform Stronghold that fix security issues in modssl and the Apache HTTP Server are now available. Stronghold 4 contains a number of open source technologies, including modssl and the Apache HTTP Server. A buffer overflow in the gettag function in modinclude for Apache...
Moderate: Red Hat Security Advisory: apache, mod_ssl security update
Updated apache and modssl packages that fix various minor security issues and bugs in the Apache Web server are now available for Red Hat Enterprise Linux 2.1. The Apache HTTP Server is a powerful, full-featured, efficient, and freely-available Web server. The modssl module provides strong...
Important: Red Hat Security Advisory: httpd security update
Updated httpd packages that include fixes for two security issues, as well as other bugs, are now available. The Apache HTTP server is a powerful, full-featured, efficient, and freely-available Web server. An issue has been discovered in the modssl module when configured to use the "SSLCipherSuit...