1187 matches found
httpd: mod_mime buffer overread
A buffer over-read flaw was found in the httpd's mod_mime module. A user permitted to modify httpd's MIME configuration could use this flaw to cause httpd child process to crash...
httpd: Use-after-free by limiting unregistered HTTP method (Optionsbleed)
A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash...
International Islamic University Chittagong: Another Internal Path Disclosure
Keeping your previous fixes in mind, I found another endpoint which is disclosing full internal path through 500 Internal Server error. POC-URL: http://119.18.148.140/iiuc/login/ Request: GET http://119.18.148.140/iiuc/login/ HTTP/1.1 Host: 119.18.148.140 Connection: keep-alive User-Agent:...
International Islamic University Chittagong: Full Path Disclosed
Hi, I want to say that you have not fixed the previous report properly. I can still find the path. Fix it properly; the paths should be hidden text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Referer: http://119.18.148.140/hrd/login.php? Cookie:...
GLSA-201710-32 : Apache: Multiple vulnerabilities (Optionsbleed)
The remote host is affected by the vulnerability described in GLSA-201710-32 Apache: Multiple vulnerabilities Multiple vulnerabilities have been discovered in Apache. Please review the referenced CVE identifiers for details. Impact : The Optionsbleed vulnerability can leak arbitrary memory from t...
Exploit for Command Injection in Php
It is an exploit module/toolkit targeting web servers. The targe...
TippingPoint Threat Intelligence and Zero-Day Coverage – Week of September 18, 2017
The Morton Salt slogan “When it rains it pours” refers to its free flowing salt with a pouring spot and is a variation of the proverb “It never rains but it pours.” Unfortunately, Mother Nature has taken the proverb literally. This has been a devastating hurricane season for the United States and...
USN-3425-1 apache2 vulnerability
Hanno Böck discovered that the Apache HTTP Server incorrectly handled Limit directives in .htaccess files. In certain configurations, a remote attacker could possibly use this issue to read arbitrary server memory, including sensitive information. This issue is known as Optionsbleed...
ownCloud: Banner Grabbing - Apache Server Version Disclosure
Hello ownCloud, I'd like to report a nice little bug. Banner Grabbing is a technique used to gain information about a remote server. Additionally, this technique is used to get information about remote servers. I've captured the HTTP request while visiting https://marketplace.owncloud.com/ and...
DEBIAN-CVE-2017-9798
Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. This affects the Apache HTTP Server through 2.2.34 and 2.4.x through 2.4.27. The attacker...
Exploit for Use After Free in Apache Http_Server
optionsbleed ============ This is a proof of concept code to te...
httpd: Uninitialized memory reflection in mod_auth_digest
It was discovered that the httpd's mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause httpd child process to...
WiseGiga NAS - Multiple Vulnerabilities
Source: https://blogs.securiteam.com/index.php/archives/3402 Vulnerabilities summary: The following advisory describes five (5) vulnerabilities and default accounts / passwords found in WiseGiga NAS devices. WiseGiga is a Korean company selling NAS products. The vulnerabilities found in WiseGiga NAS...
BSA-2017-361
Security Advisory ID : BSA-2017-361 Component : Apache HTTPD Revision : 2.0: Final In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed...
httpd: ap_get_basic_auth_pw() authentication bypass
It was discovered that the use of httpd's ap_get_basic_auth_pw API function outside of the authentication phase could lead to authentication bypass. A remote attacker could possibly use this flaw to bypass required authentication if the API was used incorrectly by one of the modules used by httpd...
The vulnerability of the mod_auth_digest module in the Apache HTTP Server allows a hacker to cause the server to terminate abnormally.
The vulnerability of the mod_auth_digest module in the Apache HTTP Server exists due to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to cause the server to terminate abnormally. Each instance of the server will continue to terminate abnormally eve...
VehicleWorkshop - Arbitrary File Upload
Exploit Title: VehicleWorkshop Unrestricted File Upload or Shell Upload Exploit Author: Touhid M.Shaikh Date: 1/08/2017 Vendor Homepage: https://github.com/spiritson/VehicleWorkshop Tested on : Kali Linux 2.0 64 bit and Windows 7 =================== Vulnerable Page: ===================...
DEBIAN-CVE-2016-8743
Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response lines and headers. Accepting these different behaviors represented a security concern when httpd participates in any chain of proxies or interacts with back-en...
DEBIAN-CVE-2016-2161
In Apache HTTP Server versions 2.4.0 to 2.4.23, malicious input to mod_auth_digest can cause the server to crash, and each instance continues to crash even for subsequently valid requests...
Null pointer dereference
A maliciously constructed HTTP/2 request could cause mod_http2 in Apache HTTP Server 2.4.24, 2.4.25 to dereference a NULL pointer and crash the server process...