Design/Logic Flaw
Novell NetWare 6.5 before Support Pack 8, when an OES2 Linux server is installed into the NDS tree, does not require a password for the ApacheAdmin console, which allows remote attackers to reconfigure the Apache HTTP Server via console operations...
CVE-2008-5696
CVE-2008-5696 affects NetIQ/NetWare 6.5 prior to Support Pack 8; when an OES2 Linux server is added to the NDS tree, the ApacheAdmin console can be accessed without a password, allowing remote attackers to reconfigure the Apache HTTP Server. The issue is specific to the NetWare/OES2 integration. ...
CVE-2008-5676
Multiple unspecified vulnerabilities in the ModSecurity (aka mod_security) module 2.5.0 through 2.5.5 for the Apache HTTP Server, when SecCacheTransformations is enabled, allow remote attackers to cause a denial of service (daemon crash) or bypass the product's functionality via unknown vectors relate...
CVE-2008-5676
ModSecurity (mod_security) for the Apache HTTP Server is affected by CVE-2008-5676. The issue affects ModSecurity versions 2.5.0 through 2.5.5 when SecCacheTransformations is enabled, allowing remote attackers to cause a denial of service (daemon crash) or bypass the product’s functionality via u...
Moderate: Red Hat Security Advisory: Red Hat Application Stack v2.2 security and enhancement update
Red Hat Application Stack v2.2 is now available. This update fixes several security issues and adds various enhancements. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Updated 11th December 2008 This erratum has been updated to correct a typo...
Apache < 2.2.10 Multiple Vulnerabilities
Apache HTTP Server 'mod_proxy_ftp' Wildcard Characters XSS Vulnerability
Apache HTTP Server is prone to a cross-site scripting vulnerability. SPDX-FileCopyrightText: 2008 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
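Apache mod_proxy_ftp Module Wildcard Characters Cross-Site Scripting Vulnerability
BUGTRAQ ID: 30560 CVE(CAN) ID: CVE-2008-2939 Apache HTTP Server is a popular web server. If Apache HTTP Server is configured with proxy support (ProxyRequests On in the configuration file) and the mod_proxy_ftp module is enabled to provide FTP-over-HTTP support, a request containing wildcard characters (“”, “'”, “”, etc.) such as the following: GET ftp://host/foo HTTP/1.0 results in cross-site scripting in the response returned by mod_proxy_ftp: ... h2Directory of a href="/"ftp://host/a/foo/h...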
[SECURITY] Fedora 9 Update: httpd-2.2.9-1.fc9
The Apache HTTP Server is a powerful, efficient, and extensible web server...
Apache HTTP Server mod_proxy_ftp Wildcard Characters Cross-Site Scripting
Rapid7 Advisory R7-0033: Apache HTTP Server mod_proxy_ftp Wildcard Characters Cross-Site Scripting. Discovered: July 25, 2008. Published: August 5, 2008. Revision: 1.1. http://www.rapid7.com/advisories/R7-0033 CVE: CVE-2008-2939. 1. Affected systems: KNOWN VULNERABLE: o Apache HTTP Server 2.2.9 and earli...
Apache Tomcat JK Web Server Connector URI worker map buffer overflow
Added: 07/30/2008. CVE: CVE-2007-0774. BID: 22791. OSVDB: 33855. Background: Apache Tomcat is a Java web application platform which can run under various types of web servers. The JK Web Server Connector (mod_jk) is used for communication between Tomcat and the web server. Problem: A buffer overflow in a...
[SECURITY] Fedora 9 Update: php-5.2.6-2.fc9
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated webpages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...
CentOS 3 / 5 : php (CESA-2008:0544)
Updated PHP packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web...
Moderate: Red Hat Security Advisory: php security and bug fix update
Updated php packages that fix several security issues and a bug are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web...
CVE-2008-1678
Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify...
Memory corruption
Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify...
httpd mod_status XSS
Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browser...
httpd scoreboard lack of PID protection
Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer."...