Apache HTTP Server 'mod_include' Privilege Escalation Vulnerability

The remote web server appears to be running a version of Apache HTTP Server that is older than version 1.3.33. SPDX-FileCopyrightText: 2004 David Maciejak Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

Apache HTTP Server UserDir Sensitive Information Disclosure

An information leak occurs on Apache HTTP Server based web servers whenever the UserDir module is enabled. The vulnerability allows an external attacker to enumerate existing accounts by requesting access to their home directory and monitoring the response. SPDX-FileCopyrightText: 2001 SecuriTeam...

Apache HTTP Server Remote Command Execution via .bat files

The Apache HTTP Server 2.0.x Win32 installation is shipped with a default script, /cgi-bin/test-cgi.bat, that allows an attacker to execute commands on the Apache server although it is reported that any .bat file could open this vulnerability. SPDX-FileCopyrightText: 2002 Matt Moore Some text...

Apache HTTP Server Connection Blocking Denial of Service Vulnerability

The remote web server appears to be running a version of Apache HTTP Server that is less that 2.0.49 or 1.3.31. These versions are vulnerable to a denial of service attack where a remote attacker can block new connections to the server by connecting to a listening socket on a rarely accessed port...

Apache HTTP Server Error Log Escape Sequence Injection Vulnerability

Apache HTTP Server allows the injection of arbitrary escape sequences into its error logs. SPDX-FileCopyrightText: 2004 George A. Theall Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

Apache HTTP Server Multiple '/' Vulnerability - Active Check

Certain versions of Apache HTTP Server for Win32 have a bug wherein remote users can list directory entries. SPDX-FileCopyrightText: 2000 John Lampe Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

Apache HTTP Server 'mod_ssl' Off By One Vulnerability

The remote host is using a version of modssl which is older than 2.8.10. This version is vulnerable to an off by one buffer overflow which may allow a user with write access to .htaccess files to execute arbitrary code on the system with permissions of the web server. SPDX-FileCopyrightText: 2002...

PHP.EXE / Apache HTTP Server Win32 Arbitrary File Reading Vulnerability - Active Check

A configuration vulnerability exists for PHP.EXE cgi running on Apache HTTP Server for Win32 platforms. SPDX-FileCopyrightText: 2002 Matt Moore Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

Apache HTTP Server Auth Module SQL Insertion Attack

This plugin checks whether the web server is using Apache Auth modules which are known to be vulnerable to SQL insertion attacks. SPDX-FileCopyrightText: 2001 Matt Moore Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

Apache HTTP Server 2.0.x <= 2.0.39 Win32 Directory Traversal Vulnerability

Apache HTTP Server is prone to a directory traversal vulnerability. SPDX-FileCopyrightText: 2002 Michel Arboi Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

apache -- mod_imap cross-site scripting flaw

The Apache HTTP Server Project reports: A flaw in modimap when using the Referer directive with image maps. In certain site configurations a remote attacker could perform a cross-site scripting attack if a victim can be forced to visit a malicious URL using certain web browsers...

Apache, mod_ssl: Multiple vulnerabilities

Background The Apache HTTP server is one of the most popular web servers on the Internet. modssl provides SSL v2/v3 and TLS v1 support for Apache 1.3 and is also included in Apache 2. Description modssl contains a security issue when "SSLVerifyClient optional" is configured in the global virtual...

httpd, mod_ssl security update

CentOS Errata and Security Advisory CESA-2005:608 Updated Apache httpd packages that correct two security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The Apache HTTP Server is ...

Important: Red Hat Security Advisory: httpd security update

Updated Apache httpd packages that correct two security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular and freely-available Web server. A flaw...

CVE-2004-2343

Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess file restrictions, as specified in httpd.conf with directives such as Deny From All, by using an ErrorDocument directive. NOTE: the vendor has disputed this issue, since the .htaccess mechanism is only intended to restri...

Fedora Core 3 : httpd-2.0.53-3.2 (2005-638)

This update includes version 2.0.53 of the Apache HTTP server, and also adds security fixes for CVE-2005-2088 and CVE-2005-1268. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clea...

Moderate: Red Hat Security Advisory: httpd security update

Updated Apache httpd packages to correct two security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a powerful, full-featured, efficient, and...

Apache Httpd < 2.0.55 : Byterange filter DoS

A flaw in the byterange filter would cause some responses to be buffered into memory. If a server has a dynamic resource such as a CGI script or PHP script which generates a large amount of data, an attacker could send carefully crafted requests in order to consume resources, potentially leading ...

CVE-2005-2088

The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Lengt...

CVE-2005-2088

The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Lengt...