Lucene search
K

266 matches found

Tenable Nessus
Tenable Nessus
added 2016/05/31 12:0 a.m.84 views

F5 Networks BIG-IP : Apache vulnerability (K16863)

The modheaders module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass 'RequestHeader unset' directives by placing a header in the trailer portion of data sent with chunked transfer coding. NOTE: the vendor states 'this is not a security issue in httpd as such.' CVE-2013-5704 C...

5CVSS6.3AI score0.60205EPSS
Exploits2References2
Tenable Nessus
Tenable Nessus
added 2016/05/26 12:0 a.m.44 views

F5 Networks BIG-IP : Apache vulnerability (SOL17251)

The chunked transfer coding implementation in the Apache HTTP Server before 2.4.14 does not properly parse chunk headers, which allows remote attackers to conduct HTTP request smuggling attacks via a crafted request, related to mishandling of large chunk-size values and invalid chunk-extension...

5CVSS6.3AI score0.73327EPSS
Exploits0References2
F5 Networks
F5 Networks
added 2015/12/23 12:0 a.m.65 views

SOL52470083 - Apache vulnerability CVE-2010-0408

Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...

5CVSS2.5AI score0.20787EPSS
Exploits1References4
OSV
OSV
added 2015/10/01 2:20 p.m.8 views

SUSE-SU-2015:1885-2 Security update for apache2

Apache was updated to fix one security vulnerability and two bugs. Following security issue was fixed. - Fix the chunked transfer coding implementation in the Apache bsc938728, CVE-2015-3183 Bugs fixed: - add SSLSessionTickets directive bsc941676 - hardcode modules %files bsc444878 - only enable...

5CVSS4.9AI score0.73327EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2015/09/16 12:0 a.m.36 views

F5 Networks BIG-IP : Apache vulnerability (SOL15902)

Memory leak in the aprbrigadesplitline function in buckets/aprbrigade.c in the Apache Portable Runtime Utility library aka APR-util before 1.3.10, as used in the modreqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service memory...

5CVSS6.4AI score0.20167EPSS
Exploits0References2
CNVD
CNVD
added 2015/07/20 12:0 a.m.3 views

Apache ErrorDocument 400 Points to Denial of Service Vulnerability

Apache is an open source HTTPD service program. A security vulnerability exists in Apache that allows a remote user to crash an application via ErrorDocument 400 pointing to a local URL path containing an active INCLUDES filter, resulting in a denial-of-service attack...

5CVSS8.1AI score0.14734EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2015/04/16 4:2 p.m.4 views

CXF: Improper security semantics enforcement of SAML SubjectConfirmation methods

It was found that Apache WSS4J Web Services Security for Java, as used by Apache CXF with the TransportBinding, did not, by default, properly enforce all security requirements associated with SAML SubjectConfirmation methods. A remote attacker could use this flaw to perform various types of...

5CVSS5.8AI score0.09224EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2014/12/31 12:0 a.m.5 views

PT-2014-3641 · Apache +1 · Apache +1

Name of the Vulnerable Software and Affected Versions: FusionForge affected versions not specified Description: The issue is related to an insecure Apache configuration that is shipped with FusionForge. Recommendations: At the moment, there is no information about a newer version that contains a...

9.8CVSS6AI score0.00464EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2014/12/19 12:0 a.m.27 views

F5 Networks BIG-IP : Apache vulnerability (SOL15920)

Stack consumption vulnerability in the fnmatch implementation in aprfnmatch.c in the Apache Portable Runtime APR library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows...

4.3CVSS7.6AI score0.30406EPSS
Exploits5References2
F5 Networks
F5 Networks
added 2014/12/18 12:0 a.m.44 views

SOL15920 - Apache vulnerability CVE-2011-0419

Recommended Action If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, then no upgrade candidate currently exists. BIG-IP and...

4.3CVSS2.3AI score0.30406EPSS
Exploits5References9
Tenable Nessus
Tenable Nessus
added 2014/10/10 12:0 a.m.63 views

F5 Networks BIG-IP : Apache vulnerability (SOL15273)

protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request aka 400 error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a 1 long or 2 malformed header in...

4.3CVSS6.5AI score0.82756EPSS
Exploits4References2
myhack58
myhack58
added 2014/05/05 12:0 a.m.9 views

Apache vulnerabilities-after suffix name parsing vulnerability-vulnerability warning-the black bar safety net

We all know that windows2003 + IIS6. 0, if the directory structure has xxx. asp such a directory, then all the directory of the file regardless of the extension of what are as asp to parse. We generally call this the loophole for windows2003+iis6. 0 directory to resolve the vulnerability. Blog...

7.2AI score
Exploits0
myhack58
myhack58
added 2013/03/06 12:0 a.m.24 views

PHPCMS v9 Getshell(apache parse-a vulnerability warning-the black bar safety net

Vulnerability type: file upload leads to arbitrary code execution Brief description: phpcms v9 getshell apache Detailed description: Vulnerability file: phpcms\modules\attachment\attachments.php 1. public function cropupload 2. isset$GLOBALS"HTTPRAWPOSTDATA" 3. $pic = $GLOBALS"HTTPRAWPOSTDATA"; 4...

7.7AI score
Exploits0
OSV
OSV
added 2012/07/25 7:55 p.m.8 views

CVE-2012-2760

modauthopenid before 0.7 for Apache uses world-readable permissions for /tmp/modauthopenid.db, which allows local users to obtain session ids...

6AI score
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2012/06/05 12:0 a.m.43 views

PHP 5.4.x < 5.4.3 Multiple Vulnerabilities

Binary data 6495.prm...

9.8CVSS10AI score0.99998EPSS
Exploits48References8
OpenVAS
OpenVAS
added 2012/04/30 12:0 a.m.25 views

Debian Security Advisory DSA 2452-1 (apache2)

The remote host is missing an update to apache2 announced via advisory DSA 2452-1. OpenVAS Vulnerability Test $Id: deb24521.nasl 6612 2017-07-07 12:08:03Z cfischer $ Description: Auto-generated from advisory DSA 2452-1 apache2 Authors: Thomas Reinke Copyright: Copyright c 2012 E-Soft Inc...

4.4CVSS0.5AI score0.00363EPSS
Exploits0
F5 Networks
F5 Networks
added 2011/12/28 12:0 a.m.59 views

SOL13277 - Apache vulnerability CVE-2009-2412

Recommended action ARX To eliminate this vulnerability, upgrade to a version that is listed in the Versions known to be not vulnerable column of the table. To mitigate this vulnerability, do not enable access to the ARX management API. Supplemental Information Note: The previous link takes you to...

10CVSS7.3AI score0.13781EPSS
Exploits2
RedHat Linux
RedHat Linux
added 2011/06/08 3:41 p.m.6 views

(mod_dav_svn): File contents disclosure of files configured to be unreadable by those users

The moddavsvn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz shortcircuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to...

4.3CVSS5.8AI score0.05993EPSS
Exploits2References4
OpenVAS
OpenVAS
added 2010/09/27 12:0 a.m.30 views

Ubuntu Update for apache2 vulnerability USN-990-2

Ubuntu Update for Linux kernel vulnerabilities USN-990-2 OpenVAS Vulnerability Test $Id: gbubuntuUSN9902.nasl 7965 2017-12-01 07:38:25Z santu $ Ubuntu Update for apache2 vulnerability USN-990-2 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH,...

5.8CVSS0.87264EPSS
Exploits14References2
Ubuntu
Ubuntu
added 2009/08/08 1:4 a.m.48 views

USN-813-2: Apache vulnerability

USN-813-1 fixed vulnerabilities in apr. This update provides the corresponding updates for apr as provided by Apache on Ubuntu 6.06 LTS. Original advisory details: Matt Lewis discovered that apr did not properly sanitize its input when allocating memory. If an application using apr processed...

10CVSS8AI score0.13781EPSS
Exploits2
Rows per page
Query Builder