5817 matches found

Packet Storm
added 2007/03/20 12:0 a.m. · 82 views

SA-20070314-0.txt

SEC Consult Security Advisory ======================================================================= title: Apache HTTP Server / Tomcat directory traversal program: Apache HTTP Server / Apache Tomcat vulnerable version: Apache Tomcat 5.x: 5.5.22 Apache Tomcat 6.x: 6.0.10 CVE: CVE-2007-0450 impac...

5 CVSS · 6.3 AI score · 0.90452 EPSS
Exploits 2
UbuntuCve
added 2007/03/16 10:19 p.m. · 52 views

CVE-2007-0450

Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and...

5 CVSS · 6 AI score · 0.90452 EPSS
Exploits 2 · References 1
NVD
added 2007/03/16 10:19 p.m. · 21 views

CVE-2007-0450

Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and...

5 CVSS · 6.3 AI score · 0.90452 EPSS
Exploits 2 · References 56
Prion
added 2007/03/16 10:19 p.m. · 28 views

Directory traversal

Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and...

5 CVSS · 6.3 AI score · 0.90452 EPSS
Exploits 2 · References 56 · Affected Software 1
Cvelist
added 2007/03/16 10:0 p.m. · 27 views

CVE-2007-0450

Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and...

6.2 AI score · 0.90452 EPSS
Exploits 2 · References 56
CVE
added 2007/03/16 10:0 p.m. · 357 views

CVE-2007-0450

CVE-2007-0450 is a directory traversal vulnerability affecting Apache Tomcat (and Tomcat behind certain Apache proxies) where a crafted URI containing a dot-dot sequence and mixed separators (/, \, and %5C) can cause unauthorized disclosure of arbitrary files. Affected products/versions include To...

5 CVSS · 6.2 AI score · 0.90452 EPSS
Exploits 2 · References 56 · Affected Software 2
Gentoo Linux
added 2007/03/16 12:0 a.m. · 34 views

Apache JK Tomcat Connector: Remote execution of arbitrary code

Background: The Apache HTTP server is a very widely used web server. mod_jk provides the JK module for connecting Tomcat and Apache using the ajp13 protocol. Description: ZDI reported an unsafe memory copy in mod_jk that was discovered by an anonymous researcher in the map_uri_to_worker function of...

7.5 CVSS · 7.1 AI score · 0.88357 EPSS
Exploits 8
securityvulns
added 2007/03/14 12:0 a.m. · 101 views

SEC Consult SA-20070314-0 :: Apache HTTP Server / Tomcat directory traversal

SEC Consult Security Advisory 20070314-0 ======================================================================= title: Apache HTTP Server / Tomcat directory traversal program: Apache HTTP Server / Apache Tomcat vulnerable version: Apache Tomcat 5.x: 5.5.22 Apache Tomcat 6.x: 6.0.10 CVE:...

5 CVSS · 0.2 AI score · 0.90452 EPSS
Exploits 2
NVD
added 2007/03/03 7:19 p.m. · 11 views

CVE-2006-7098

The Debian GNU/Linux 033_-F_NO_SETSID patch for the Apache HTTP Server 1.3.34-4 does not properly disassociate httpd from a controlling tty when httpd is started interactively, which allows local users to gain privileges to that tty via a CGI program that calls the TIOCSTI ioctl...

6.6 CVSS · 6.5 AI score · 0.0029 EPSS
Exploits 0 · References 6
CVE
added 2007/03/03 7:0 p.m. · 64 views

CVE-2006-7098

The CVE-2006-7098 entry concerns the Debian patch for Apache HTTP Server 1.3.34-4 (033_-F_NO_SETSID) that fails to fully disassociate httpd from a controlling tty when started interactively. This allows a local attacker to elevate privileges to the tty via a CGI program invoking the TIOCSTI ioctl...

6.6 CVSS · 6.5 AI score · 0.0029 EPSS
Exploits 0 · References 6 · Affected Software 1
RedHat Linux
added 2007/03/02 6:30 p.m. · 33 views

Critical: Red Hat Security Advisory: mod_jk security update

Updated mod_jk packages that fix a security issue are now available for Red Hat Application Stack v1.1. This update has been rated as having critical security impact by the Red Hat Security Response Team. mod_jk is a Tomcat connector that can be used to communicate between Tomcat and the Apache HTT...

7.5 CVSS · 7.3 AI score · 0.88357 EPSS
Exploits 8 · References 2
Positive Technologies
added 2007/02/28 12:0 a.m. · 5 views

PT-2007-1918 · Apache +2 · Apache Tomcat +3

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server and Tomcat versions prior to 5.5.22 and 6.0.10 Tomcat versions prior to 5.5.22 and 6.0.10 Description: The issue allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) ...

7.5 CVSS · 6.3 AI score · 0.90452 EPSS
Exploits 22 · References 103
Fedora
added 2007/02/21 4:17 a.m. · 29 views

[SECURITY] Fedora Core 6 Update: php-5.1.6-3.4.fc6

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated webpages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...

10 CVSS · 0.6 AI score · 0.12214 EPSS
Exploits 0
Prion
added 2007/01/31 9:28 p.m. · 11 views

Directory traversal

Directory traversal vulnerability in zd_numer.php in Galeria Zdjec 3.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the galeria parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included ...

7.5 CVSS · 7.6 AI score · 0.11165 EPSS
Exploits 1 · References 6 · Affected Software 1
Cvelist
added 2007/01/31 9:0 p.m. · 16 views

CVE-2007-0637

Directory traversal vulnerability in zd_numer.php in Galeria Zdjec 3.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the galeria parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included ...

7.2 AI score · 0.11165 EPSS
Exploits 1 · References 6
CVE
added 2007/01/31 9:0 p.m. · 45 views

CVE-2007-0637

CVE-2007-0637 describes a directory traversal vulnerability in the PHP script zd_numer.php for Galeria Zdjec 3.0 and earlier. An attacker can use a ".." path component in the galeria parameter to cause local file inclusion, enabling remote attackers to include and execute arbitrary local files (i...

7.5 CVSS · 7.2 AI score · 0.11165 EPSS
Exploits 1 · References 6 · Affected Software 1
EUVD
added 2007/01/31 9:0 p.m. · 2 views

EUVD-2007-0635

Directory traversal vulnerability in zd_numer.php in Galeria Zdjec 3.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the galeria parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included ...

7.5 CVSS · 7.1 AI score · 0.11165 EPSS
Exploits 1 · References 6
NVD
added 2007/01/23 12:28 a.m. · 11 views

CVE-2007-0419

The BEA WebLogic Server proxy plug-in before June 2006 for the Apache HTTP Server does not properly handle protocol errors, which allows remote attackers to cause a denial of service (server outage)...

5 CVSS · 6.6 AI score · 0.00952 EPSS
Exploits 0 · References 6
CVE
added 2007/01/23 12:0 a.m. · 47 views

CVE-2007-0419

The CVE-2007-0419 issue affects the BEA WebLogic Server proxy plug-in for the Apache HTTP Server (pre June 2006). The root cause is improper handling of protocol errors in the plug-in, which can allow remote attackers to cause a denial of service (server outage). The vulnerability description not...

5 CVSS · 6.6 AI score · 0.00952 EPSS
Exploits 0 · References 6 · Affected Software 1
Cvelist
added 2007/01/23 12:0 a.m. · 16 views

CVE-2007-0419

The BEA WebLogic Server proxy plug-in before June 2006 for the Apache HTTP Server does not properly handle protocol errors, which allows remote attackers to cause a denial of service (server outage)...

6.6 AI score · 0.00952 EPSS
Exploits 0 · References 6