
5836 matches found

Check Point Advisories
added 2009/04/27 12:00 a.m., 7 views

Oracle BEA WebLogic IIS connector JSESSIONID Stack Buffer Overflow (CVE-2008-5457)

BEA WebLogic is a Java Application Server platform typically used as the platform for large enterprise web applications. Specifically, the vulnerability exists in the connector software for Apache HTTP server shipped with BEA WebLogic. BEA WebLogic Platform ships with a connector for Apache HTTP...

10 CVSS, 6.2 AI score, 0.81836 EPSS
Exploits 12
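seebug.org
added 2009/04/25 12:00 a.m., 61 views

Apache mod_proxy_ajp Information Disclosure Vulnerability

BUGTRAQ ID: 34663 CVE(CAN) ID: CVE-2009-1191 Apache HTTP Server is a popular web server. The mod_proxy_ajp module of the Apache server contains an error in its handling of malformed POST requests; a remote attacker can submit a specially crafted HTTP request to disclose response data associated with other users' requests. Apache 2.2.11 Apache Group ------------ The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page: http://www.apache.org/dist/httpd/patches/applyto2.2.11/PR46949.diff...

5 CVSS, 7.5 AI score, 0.11998 EPSS
Exploits 1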
OSV
added 2009/04/23 5:30 p.m., 4 views

CVE-2009-1191

mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request...

6.2 AI score
Exploits 0, References 39
Prion
added 2009/04/23 5:30 p.m., 28 views

Cross site request forgery (csrf)

mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request...

5 CVSS, 6.7 AI score, 0.11998 EPSS
Exploits 1, References 33, Affected Software 2
Cvelist
added 2009/04/23 5:00 p.m., 20 views

CVE-2009-1191

mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request...

7.3 AI score, 0.11998 EPSS
Exploits 1, References 33
EUVD
added 2009/04/23 5:00 p.m., 1 views

EUVD-2009-1190

mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request...

5 CVSS, 7.3 AI score, 0.11998 EPSS
Exploits 1, References 35
Debian CVE
added 2009/04/23 5:00 p.m., 30 views

CVE-2009-1191

mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request...

5 CVSS, 6.1 AI score, 0.11998 EPSS
Exploits 1
OpenVAS
added 2009/04/15 12:00 a.m., 35 views

RedHat Security Advisory RHSA-2009:0337

The remote host is missing updates announced in advisory RHSA-2009:0337. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server. A heap-based buffer overflow flaw was found in PHP's mbstring extension. A remote attacker able to pass arbitrary input to a PHP scrip...

10 CVSS, 0.7 AI score, 0.29698 EPSS
Exploits 13, References 2
OSV
added 2009/04/07 11:30 p.m., 5 views

CVE-2009-0796

Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI...

5.5 AI score
Exploits 0, References 18
UbuntuCve
added 2009/04/07 11:30 p.m., 27 views

CVE-2009-0796

Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI...

2.6 CVSS, 6 AI score, 0.59964 EPSS
Exploits 3, References 2
Debian CVE
added 2009/04/07 11:00 p.m., 23 views

CVE-2009-0796

Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI...

2.6 CVSS, 8.2 AI score, 0.59964 EPSS
Exploits 3
Cvelist
added 2009/04/07 11:00 p.m., 22 views

CVE-2009-0796

Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI...

8 AI score, 0.59964 EPSS
Exploits 3, References 17
Tenable Nessus
added 2009/04/07 12:00 a.m., 42 views

RHEL 5 : php (RHSA-2009:0338)

Updated php packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server. A...

10 CVSS, 7.6 AI score, 0.29698 EPSS
Exploits 13, References 13
Prion
added 2009/03/16 7:30 p.m., 11 views

Design/Logic Flaw

Multiple unspecified vulnerabilities in DFLabs PTK 1.0.0 through 1.0.4 allow remote attackers to execute arbitrary commands in processes launched by PTK's Apache HTTP Server via (1) "external tools" or (2) a crafted forensic image...

7.5 CVSS, 8.2 AI score, 0.01952 EPSS
Exploits 0, References 6, Affected Software 1
NVD
added 2009/03/16 7:30 p.m., 9 views

CVE-2009-0918

Multiple unspecified vulnerabilities in DFLabs PTK 1.0.0 through 1.0.4 allow remote attackers to execute arbitrary commands in processes launched by PTK's Apache HTTP Server via (1) "external tools" or (2) a crafted forensic image...

7.5 CVSS, 7.7 AI score, 0.01952 EPSS
Exploits 0, References 6
Cvelist
added 2009/03/16 7:00 p.m., 19 views

CVE-2009-0918

Multiple unspecified vulnerabilities in DFLabs PTK 1.0.0 through 1.0.4 allow remote attackers to execute arbitrary commands in processes launched by PTK's Apache HTTP Server via (1) "external tools" or (2) a crafted forensic image...

7.7 AI score, 0.01952 EPSS
Exploits 0, References 6
CVE
added 2009/03/16 7:00 p.m., 36 views

CVE-2009-0918

CVE-2009-0918 affects DFLabs PTK 1.0.0–1.0.4. The issue allows remote attackers to execute arbitrary commands in processes launched by PTK’s Apache HTTP Server via two vectors: (1) “external tools” and (2) a crafted forensic image. The underlying cause is unspecified in the provided documents bey...

7.5 CVSS, 7.9 AI score, 0.01952 EPSS
Exploits 0, References 6, Affected Software 1
OpenVAS
added 2009/03/06 12:00 a.m., 36 views

RedHat Update for apache RHSA-2008:0004-01

Check for the Version of apache OpenVAS Vulnerability Test RedHat Update for apache RHSA-2008:0004-01 Authors: System Generated Check Copyright: Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the ter...

4.3 CVSS, 9.6 AI score, 0.84619 EPSS
Exploits 4, References 2
OpenVAS
added 2009/02/27 12:00 a.m., 31 views

CentOS Update for httpd CESA-2008:0006 centos4 i386

Check for the Version of httpd OpenVAS Vulnerability Test CentOS Update for httpd CESA-2008:0006 centos4 i386 Authors: System Generated Check Copyright: Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under...

4.3 CVSS, 9.6 AI score, 0.84619 EPSS
Exploits 4, References 2
OpenVAS
added 2009/02/27 12:00 a.m., 30 views

Fedora Update for httpd FEDORA-2007-707

Check for the Version of httpd OpenVAS Vulnerability Test Fedora Update for httpd FEDORA-2007-707 Authors: System Generated Check Copyright: Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms o...

5 CVSS, 9.5 AI score, 0.23276 EPSS
Exploits 0, References 2