266 matches found
apache2 multiple space header denial-of-service vulnerability
It is possible for remote attackers to cause a denial-of-service scenario on Apache 2.0.52 and earlier by sending an HTTP GET request with a MIME header containing multiple lines full of whitespaces...
PT-2004-1967 · Apache · Apache +1
Name of the Vulnerable Software and Affected Versions: Apache versions 1.3.x through 1.3.32 Description: The issue is related to a buffer overflow in the get tag function in mod include, which allows local users who can create SSI documents to execute arbitrary code as the apache user. This can b...
CVE-2004-0786
The IPv6 URI parsing routines in the apr-util library for Apache 2.0.50 and earlier allow remote attackers to cause a denial of service child process crash via a certain URI, as demonstrated using the Codenomicon HTTP Test Tool...
CVE-2004-0786
The IPv6 URI parsing routines in the apr-util library for Apache 2.0.50 and earlier allow remote attackers to cause a denial of service child process crash via a certain URI, as demonstrated using the Codenomicon HTTP Test Tool...
CVE-2004-0885
The modssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration...
CVE-2004-0811
Unknown vulnerability in Apache 2.0.51 prevents "the merging of the Satisfy directive," which could allow attackers to obtain access to restricted resources contrary to the specified authentication configuration...
CVE-2004-0811
Unknown vulnerability in Apache 2.0.51 prevents "the merging of the Satisfy directive," which could allow attackers to obtain access to restricted resources contrary to the specified authentication configuration...
GLSA-200409-33 : Apache: Exposure of protected directories
The remote host is affected by the vulnerability described in GLSA-200409-33 Apache: Exposure of protected directories A bug in the way Apache handles the Satisfy directive, which is used to require that certain conditions client host, client authentication, etc be met before access to a certain...
Apache < 2.0.52-dev 'Satisfy' Directive Access Control Bypass
Binary data 2309.prm...
CVE-2004-0747
Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the overflow during expansion of environment variables...
SA04-002 - Apache config file env variable buffer overflow
SITIC Vulnerability Advisory Advisory Name: Apache config file env variable buffer overflow Advisory Reference: SA04-002 Date of initial release: 2004-09-15 Product: Apache 2.0.x Platform: Linux, BSD systems, Unix, Windows Effect: Code execution when processing .htaccess files Vulnerability...
htpasswd Apache 1.3.31 - Local Overflow
!/usr/bin/perl Proof Of Concept exploit for htpasswd of Apache. Read the advisory for more information. - Luiz Fernando Camargo - foxtrotatflowsecurity.org $shellcode = "\x31\xdb\x6a\x17\x58\xcd\x80\x31\xc0\x50\x68\x2f\x2f\x73\x68"...
Apache < 2.0.51 ${ENVVAR} Local Overflow
Binary data 2290.prm...
Apache < 2.0.51 IPv6 Remote Buffer Overflow
Binary data 2292.prm...
Apache < 2.0.51 mod_dav DAV LOCK Command Remote DoS
Binary data 2291.prm...
apache -- ap_resolve_env buffer overflow
SITIC discovered a vulnerability in Apache 2's handling of environmental variable settings in the httpd configuration files the main httpd.conf' and .htaccess' files. According to a SITIC advisory: The buffer overflow occurs when expanding $ENVVAR constructs in .htaccess or httpd.conf files. The...
apache -- apr_uri_parse IPv6 address handling vulnerability
The Apache Software Foundation Security Team discovered a programming error in the apr-util library function apruriparse. When parsing IPv6 literal addresses, it is possible that a length is incorrectly calculated to be negative, and this value is passed to memcpy. This may result in an exploitab...
CVE-2004-0748
modssl in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service CPU consumption by aborting an SSL connection in a way that causes an Apache child process to enter an infinite loop...
CVE-2004-0173
Directory traversal vulnerability in Apache 1.3.29 and earlier, and Apache 2.0.48 and earlier, when running on Cygwin, allows remote attackers to read arbitrary files via a URL containing "..%5C" dot dot encoded backslash sequences...
CVE-2002-1156
Apache 2.0.42 allows remote attackers to view the source code of a CGI script via a POST request to a directory with both WebDAV and CGI enabled...