
5713 matches found

Cvelist
added 2009/05/28 8:14 p.m., 31 views

CVE-2009-1195

The Apache HTTP Server 2.2.11 and earlier 2.2 versions do not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then...

7.4 AI score, 0.00189 EPSS
Exploits: 4, References: 44
Cent OS
added 2009/05/28 5:8 p.m., 72 views

httpd, mod_ssl security update

CentOS Errata and Security Advisory CESA-2009:1075 Updated httpd packages that fix two security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular and...

5 CVSS, 6.8 AI score, 0.09814 EPSS
Exploits: 6, References: 7
OpenVAS
added 2009/05/28 12:0 a.m., 37 views

Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability

Apache HTTP server is prone to a security-bypass vulnerability related to the handling of specific configuration directives. A local attacker may exploit this issue to execute arbitrary code within the context of the webserver process. This may result in elevated privileges or aid in further...

4.9 CVSS, 0.9 AI score, 0.00189 EPSS
Exploits: 4, References: 1
Tenable Nessus
added 2009/05/28 12:0 a.m., 37 views

RHEL 5 : httpd (RHSA-2009:1075)

The remote Redhat Enterprise Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2009:1075 advisory. The Apache HTTP Server is a popular and freely-available Web server. A flaw was found in the handling of compression structures between mods...

5 CVSS, 7 AI score, 0.09814 EPSS
Exploits: 6, References: 8
RedHat Linux
added 2009/05/27 2:19 p.m., 38 views

Moderate: Red Hat Security Advisory: httpd security update

Updated httpd packages that fix two security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular and freely-available Web server. A flaw was found in the...

5 CVSS, 6.8 AI score, 0.09814 EPSS
Exploits: 6, References: 4
RedHat Linux
added 2009/05/20 6:30 p.m., 1 views

httpd mod_proxy_ajp information disclosure

mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request...

5 CVSS, 7.2 AI score, 0.11998 EPSS
Exploits: 1, References: 4
OpenVAS
added 2009/04/30 12:0 a.m., 36 views

Apache HTTP Server Detection (HTTP)

HTTP based detection of the Apache HTTP Server. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

7.3 AI score
Exploits: 0
OpenVAS
added 2009/04/30 12:0 a.m., 39 views

Apache HTTP Server 'mod_proxy_ajp' Information Disclosure Vulnerability

Apache HTTP Server is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...

5 CVSS, 7.3 AI score, 0.11998 EPSS
Exploits: 1, References: 6
Check Point Advisories
added 2009/04/27 12:0 a.m., 7 views

Oracle BEA WebLogic IIS connector JSESSIONID Stack Buffer Overflow (CVE-2008-5457)

BEA WebLogic is a Java Application Server platform typically used as the platform for large enterprise web applications. Specifically, the vulnerability exists in the connector software for Apache HTTP server shipped with BEA WebLogic. BEA WebLogic Platform ships with a connector for Apache HTTP...

10 CVSS, 6.2 AI score, 0.81836 EPSS
Exploits: 12
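seebug.org
added 2009/04/25 12:0 a.m., 62 views

Apache mod_proxy_ajp Information Disclosure Vulnerability

BUGTRAQ ID: 34663 CVE(CAN) ID: CVE-2009-1191 Apache HTTP Server is a popular web server. The mod_proxy_ajp module of the Apache server has an error when handling malformed POST requests; a remote attacker can disclose response data related to other users' requests by submitting a specially crafted HTTP request. Apache 2.2.11 Apache Group ------------ The vendor has released an upgrade patch to fix this security issue; download it from the vendor's home page: http://www.apache.org/dist/httpd/patches/applyto2.2.11/PR46949.diff...

5 CVSS, 7.5 AI score, 0.11998 EPSS
Exploits: 1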
OSV
added 2009/04/23 5:30 p.m., 5 views

CVE-2009-1191

mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request...

6.2 AI score
Exploits: 0, References: 39
Prion
added 2009/04/23 5:30 p.m., 28 views

Cross site request forgery (csrf)

mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request...

5 CVSS, 6.7 AI score, 0.11998 EPSS
Exploits: 1, References: 33, Affected Software: 2
Cvelist
added 2009/04/23 5:0 p.m., 20 views

CVE-2009-1191

mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request...

7.3 AI score, 0.11998 EPSS
Exploits: 1, References: 33
EUVD
added 2009/04/23 5:0 p.m., 2 views

EUVD-2009-1190

mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request...

5 CVSS, 7.3 AI score, 0.11998 EPSS
Exploits: 1, References: 35
Debian CVE
added 2009/04/23 5:0 p.m., 30 views

CVE-2009-1191

mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request...

5 CVSS, 6.1 AI score, 0.11998 EPSS
Exploits: 1
OSV
added 2009/04/07 11:30 p.m., 5 views

CVE-2009-0796

Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI...

5.5 AI score
Exploits: 0, References: 18
UbuntuCve
added 2009/04/07 11:30 p.m., 27 views

CVE-2009-0796

Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI...

2.6 CVSS, 6 AI score, 0.59964 EPSS
Exploits: 3, References: 2
Debian CVE
added 2009/04/07 11:0 p.m., 23 views

CVE-2009-0796

Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI...

2.6 CVSS, 8.2 AI score, 0.59964 EPSS
Exploits: 3
Cvelist
added 2009/04/07 11:0 p.m., 22 views

CVE-2009-0796

Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI...

8 AI score, 0.59964 EPSS
Exploits: 3, References: 17
Prion
added 2009/03/16 7:30 p.m., 11 views

Design/Logic Flaw

Multiple unspecified vulnerabilities in DFLabs PTK 1.0.0 through 1.0.4 allow remote attackers to execute arbitrary commands in processes launched by PTK's Apache HTTP Server via (1) "external tools" or (2) a crafted forensic image...

7.5 CVSS, 8.2 AI score, 0.01952 EPSS
Exploits: 0, References: 6, Affected Software: 1