979 matches found
Mac OS X Finder creates world-readable ".FBCIndex" file thereby disclosing sensitive information
Overview Mac OS X's Find-By-Content indexing may store file data where it can be served to remote users by Apache. Description The Find-By-Content feature of Mac OS X generates indexing data from the contents of files in each directory. It then stores the indexing data for each directory in a...
Moderate: Red Hat Security Advisory: mod_ssl security update for Stronghold
Updated modssl packages are now available for Stronghold on Red Hat Linux Advanced Server. These updates incorporate a fix for an incorrect bounds check in versions of modssl up to and including version 2.8.9. The modssl module provides strong cryptography for the Apache Web server via the Secure...
mm temporary files handling problems
User with Apache web server priveleges can obtain root access...
Moderate: Red Hat Security Advisory: : : : Updated secureweb packages available
Updated secureweb packages are now available for Red Hat Secure Web Server 3.2 U.S.. These updates incorporate a fix for an incorrect bounds check in versions of modssl up to and including version 2.8.9. The modssl module provides strong cryptography for the Apache Web server via the Secure Socke...
Moderate: Red Hat Security Advisory: mod_ssl security update
Updated modssl packages are now available for Red Hat Advanced Server. These updates incorporate a fix for an incorrect bounds check in versions of modssl up to and including version 2.8.9. The modssl module provides strong cryptography for the Apache Web server via the Secure Sockets Layer SSL a...
Moderate: Red Hat Security Advisory: apache security update
The Apache Web server contains a security vulnerability which can be used to launch a denial of service DoS attack or, in some cases, allow remote code execution. Versions of the Apache Web server up to and including 1.3.24 contain a bug in the routines which deal with requests using "chunked"...
Apache Web Server ap_log_rerror() function discloses full path to CGI script
Overview There is a vulnerability in Apache 2.0 through 2.035 that could disclose the real path to a CGI script or other file. Description A vulnerability in the Apache web server could disclose sensitive information. Quoting from the Apache Change Log: Security Added the APLOGTOCLIENT flag to...
Noguska Nola 1.1.1 [ Intranet Business Management Software ]
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Noguska Nola 1.1.1 Intranet Business Management Software .: Software Desciption :. - - compied from their site - Redefining the scope of Enterprise Software The NOLA web based software package allows your business to effortlessly reach further than...
Moderate: Red Hat Security Advisory: : : : Updated secureweb packages fix chunked encoding issue
The Apache Web server contains a security vulnerability which can be used to launch a denial of service attack DoS, or in some cases, allow remote code execution. Red Hat Secure Web server is based on the Apache Web server and the secureweb package has been updated to fix this denial of service...
Apache mod_ssl off-by-one vulnerability
Product: modssl - http://www.modssl.org/ Date: 06/24/2002 Summary: Off-by-one in modssl 2.4.9 and earlier By: Frank Denis - [email protected] --------------------------------------------------------------------- DESCRIPTION --------------------------------------------------------------------- This...
Moderate: Red Hat Security Advisory: apache security update for Stronghold
The Apache Web server contains a security vulnerability which can be used to launch a denial of service attack, or in some cases, allow remote code execution. Versions of the Apache Web server up to and including 1.3.24 contain a bug in the routines which deal with requests encoded using "chunked...
Advisory CA-2002-17 Apache Web Server Chunk Handling Vulnerability
CERT Advisory CA-2002-17 Apache Web Server Chunk Handling Vulnerability Original release date: June 17, 2002 Last revised: -- Source: CERT/CC A complete revision history can be found at the end of this file. Systems Affected Web servers based on Apache code versions 1.3 through 1.3.24 Web servers...
Apache httpd: vulnerability with chunked encoding
-----BEGIN PGP SIGNED MESSAGE----- Date: June 17, 2002 Product: Apache Web Server Versions: Apache 1.3 all versions including 1.3.24, Apache 2 all versions up to 2.0.39 Introduction: While testing for Oracle vulnerabilities, Mark Litchfield discovered a denial of service attack for Apache on...
Apache Web Server vulnerable to DoS via crafted HTTP request
Overview Some versions of the Apache Web server are vulnerable to denial-of-service attacks by crafted HTTP requests. Description A vulnerability exists in some versions the Apache Web HTTPD Server running on Windows 98SE, Windows 2000 SP1, and OS/2. The vulnerability appears to be a bounds...
Vulnerability in Apache for Win32 batch file processing - Remote command execution
Vulnerability in Apache for Win32 batch file processing - Remote command execution = Author: Ory Segal, Sanctum inc. http://www.sanctuminc.com = Release date: March, 21st 2002 Vendor was notified at: Feb. 13th = 2002 = Vendor: Apache group = Product: Apache web server Win32 - Running DOS batch...
Multiple PHP Vulnerabilities - Remote Compromise Exploit in Circulation
Internet Security Systems Security Alert February 27, 2002 Multiple PHP Vulnerabilities: Remote Compromise Exploit in Circulation Synopsis: ISS X-Force has learned of multiple buffer overflow vulnerabilities present in the PHP Hypertext Preprocessor scripting language. PHP is a popular server-sid...
Multiple Buffer Overflows in Oracle 9iAS
NGSSoftware Insight Security Research Advisory Name: Oracle PL/SQL Apache Module Systems Affected: Oracle 9iAS Platforms: Sun SPARC Solaris 2.6 MS Windows NT/2000 Server HP-UX 11.0/32-bit Severity: High Risk Vendor URL: http://www.oracle.com/ Author: David Litchfield [email protected] Date: 6th...
CVE-2001-1556
The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep...
[CLA-2001:427] Conectiva Linux Security Announcement - mod_auth_pgsql
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- CONECTIVA LINUX SECURITY ANNOUNCEMENT - -------------------------------------------------------------------------- PACKAGE : modauthpgsql SUMMARY : Remote vulnerability allow...
Apache web server performs case sensitive filtering on Mac OS X HFS+ case insensitive filesystem
Overview The Apache 1.3.14 web server's file access protection scheme can be bypassed for the Mac OS X HFS+ filesystem. Description The Apache web server's file access protection scheme i.e., file request "filtering" assumes that the filesystem being protected is case sensitve. For example, in a...