266 matches found
httpd: AllowOverride Options=IncludesNoExec allows Options Includes
The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring 1 Options Includes, 2 Options +Includes, or 3 Options +IncludesNOEXEC in a .htaccess file, and then...
CentOS Update for php CESA-2008:0546-01 centos2 i386
Check for the Version of php OpenVAS Vulnerability Test CentOS Update for php CESA-2008:0546-01 centos2 i386 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under...
mod_ssl SSLCipherSuite bypass
The modssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration...
CVE-2008-0005
modproxyftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting XSS attacks using UTF-7 encoding...
CVE-2007-3847
The date handling code in modules/proxy/proxyutil.c modproxy in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service caching forward proxy process crash via crafted date headers that trigger a buffer over-read...
CVE-2006-3747
Off-by-one error in the ldap scheme handling in the Rewrite module modrewrite in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service application crash and possibly execute arbitrary code via...
[Full-disclosure] [USN-328-1] Apache vulnerability
=========================================================== Ubuntu Security Notice USN-328-1 July 27, 2006 apache2 vulnerability CVE-2006-3747 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 5.04 Ubuntu 5.10 Ubuntu 6.06 LT...
DSA-952-1 libapache-auth-ldap - format string vulnerability
Bulletin has no description...
[Full-disclosure] [CIRT.DK - Advisory] Novell iManager 2.0.2 ASN.1 Parsing vulnerability in Apache module
ID: NOVL102200 Domain: primus Solution Class: Novell Fact: Novell iManager 2.02 Fact: Apache 2.0.48 Fact: OpenSSL 0.9.7 Symptom: OpenSSL ASN.1 Parsing vulnerability in Apache Symptom: Server stops responding and an error occurs Cause: Multiple vulnerabilities were reported in the ASN.1 parsing co...
USN-120-1: Apache 2 vulnerability
Luca Ercoli discovered that the "htdigest" program did not perform any bounds checking when it copied the "user" and "realm" arguments into local buffers. If this program is used in remotely callable CGI scripts, this could be exploited by a remote attacker to execute arbitrary code with the...
Apache 1.3.x - HTDigest Realm Command Line Argument Buffer Overflow (1)
Apache 1.3.x - HTDigest Realm Command Line Argument Buffer Overflow 1 // source: https://www.securityfocus.com/bid/13537/info A buffer overflow vulnerability exists in the htdigest utility included with Apache. The vulnerability is due to improper bounds checking when copying user-supplied realm...
Apache 1.3.x - HTDigest Realm Command Line Argument Buffer Overflow (1)
// source: https://www.securityfocus.com/bid/13537/info A buffer overflow vulnerability exists in the htdigest utility included with Apache. The vulnerability is due to improper bounds checking when copying user-supplied realm data into local buffers. By supplying an overly long realm value to th...
CVE-2002-1592
The aplogrerror function in Apache 2.0 through 2.035, when a CGI application encounters an error, sends error messages to the client that include the full path for the server, which allows remote attackers to obtain sensitive information...
HP-UX PHSS_29987 : HP-UX Running Apache, Remote Denial of Service (DoS) or Elevation Privilege, or Execution of Arbitrary Code (HPSBUX00197 SSRT2332 rev.11)
s700800 11.X OV NNM6.31/ET1.51 Intermediate Patch, Nov-03 : A potential remotely exploitable vulnerability in handling of large data chunks in Apache-based web servers. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and patch checks in this plugin were extracted from HP...
CVE-2004-0811
Unknown vulnerability in Apache 2.0.51 prevents "the merging of the Satisfy directive," which could allow attackers to obtain access to restricted resources contrary to the specified authentication configuration...
CVE-2004-0811
Unknown vulnerability in Apache 2.0.51 prevents "the merging of the Satisfy directive," which could allow attackers to obtain access to restricted resources contrary to the specified authentication configuration...
CVE-2004-0811
Unknown vulnerability in Apache 2.0.51 prevents "the merging of the Satisfy directive," which could allow attackers to obtain access to restricted resources contrary to the specified authentication configuration...
Apache on Mac OS X HFS+ Arbitrary File Source Disclosure
The remote host seems to be running Mac OS X or Mac OS X Server. There is a flaw in the remote web server that allows an attacker to obtain the source code of any given file on the remote web server by reading it through its data fork directly. An attacker may exploit this flaw to obtain the sour...
Mandrake Linux Security Advisory : apache2 (MDKSA-2004:135)
A vulnerability in apache 2.0.35-2.0.52 was discovered by Chintan Trivedi; he found that by sending a large amount of specially- crafted HTTP GET requests, a remote attacker could cause a Denial of Service on the httpd server. This vulnerability is due to improper enforcement of the field length...
GLSA-200411-18 : Apache 2.0: Denial of Service by memory consumption
The remote host is affected by the vulnerability described in GLSA-200411-18 Apache 2.0: Denial of Service by memory consumption Chintan Trivedi discovered a vulnerability in Apache httpd 2.0 that is caused by improper enforcing of the field length limit in the header-parsing code. Impact : By...