979 matches found
Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
Apache 2.0 series webservers are prone to a denial-of-service condition. This issue occurs because of the way that Apache handles excessive amounts of consecutive linefeed characters. The server may allocate large amounts of memory, resulting in a denial of service. OpenVAS Vulnerability Test $Id...
PT-2009-3399 · Apache · Apache Http Server
Name of the Vulnerable Software and Affected Versions: Apache HTTP Server with mod perl affected versions not specified Description: A cross-site scripting XSS issue exists in Status.pm in Apache::Status and Apache2::Status for the Apache HTTP Server. This occurs when the /perl-status page is...
Fedora Update for mod_perl FEDORA-2007-576
Check for the Version of modperl OpenVAS Vulnerability Test Fedora Update for modperl FEDORA-2007-576 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the ter...
Fedora Update for php FEDORA-2007-455
Check for the Version of php OpenVAS Vulnerability Test Fedora Update for php FEDORA-2007-455 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms of th...
httpd: mod_proxy_http DoS via excessive interim responses from the origin server
A flaw was found in the modproxy module. An attacker who has control of a web server to which requests are being proxied could cause a limited denial of service due to CPU consumption and stack exhaustion. CVE-2008-2364...
mod_autoindex XSS
Cross-site scripting XSS vulnerability in modautoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that th...
httpd scoreboard lack of PID protection
Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the workerscore and processscore arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer."...
DEBIAN-CVE-2008-2364
The approxyhttpprocessresponse function in modproxyhttp.c in the modproxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service memory consumption via a large number of interim...
Cross-site scripting vulnerability in Apache HTTP Server "mod_imap" and "mod_imagemap"
Overview modimap and modimagemap modules of the Apache HTTP Server are vulnerable to cross-site scripting. The Apache HTTP Server is open source web server software. The Apache HTTP Server modules modimap and modimagemap provide server-side imagemap processing capability. The Apache HTTP Server...
httpd mod_proxy_balancer cross-site scripting
Cross-site scripting XSS vulnerability in balancer-manager in modproxybalancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the 1 ss, 2 wr, or 3 rr parameters, or 4 the URL...
mod_proxy_ftp XSS
modproxyftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting XSS attacks using UTF-7 encoding...
PT-2008-2088 · Apache +2 · Apache Http Server +2
Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions 1.3.39 and earlier in the 1.3.x series Apache HTTP Server versions 2.0.61 and earlier in the 2.0.x series Apache HTTP Server versions 2.2.6 and earlier in the 2.2.x series Description: A CRLF injection issue in the...
Debian Security Advisory DSA 187-1 (apache)
The remote host is missing an update to apache announced via advisory DSA 187-1. OpenVAS Vulnerability Test $Id: deb1871.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 187-1 Authors: Thomas Reinke Copyright: Copyright c 2007 E-Soft Inc...
httpd mod_proxy_balancer crash
The balancerhandler function in modproxybalancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service child process crash via an invalid bb variable...
mod_autoindex XSS
Cross-site scripting XSS vulnerability in modautoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that th...
httpd: mod_imagemap XSS
Cross-site scripting XSS vulnerability in the 1 modimap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the 2 modimagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
httpd: out of bounds read
The date handling code in modules/proxy/proxyutil.c modproxy in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service caching forward proxy process crash via crafted date headers that trigger a buffer over-read...
mod_autoindex XSS
Cross-site scripting XSS vulnerability in modautoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that th...
httpd: mod_imagemap XSS
Cross-site scripting XSS vulnerability in the 1 modimap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the 2 modimagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
httpd: mod_imagemap XSS
Cross-site scripting XSS vulnerability in the 1 modimap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the 2 modimagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...