CVE-2008-0455

CVE-2008-0455 is an XSS vulnerability in the mod_negotiation module of Apache HTTP Server. A remote authenticated attacker can upload a file whose name contains XSS sequences and a file extension, causing arbitrary script/HTML to be injected into HTTP responses (notably for 406 Not Acceptable or ...

CVE-2008-0456

CVE-2008-0456 : CRLF injection in the mod_negotiation module of Apache HTTP Server (versions 2.2.x up to 2.2.6, 2.0.x up to 2.0.61, and 1.3.x up to 1.3.39) allows remote authenticated users to upload a file with a multi-line name containing HTTP header sequences, enabling injection into HTTP resp...

CVE-2008-0456

CRLF injection vulnerability in the modnegotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP respons...

Moderate: Red Hat Security Advisory: httpd security update

Updated Apache httpd packages that correct several security issues are now available for Red Hat Application Stack v2. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular and freely-available Web server. These...

httpd, mod_ssl security update

CentOS Errata and Security Advisory CESA-2008:0008 Updated Apache httpd packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a...

apache security update

CentOS Errata and Security Advisory CESA-2008:0004-01 Updated apache packages that fix several security issues are now available for Red Hat Enterprise Linux 2.1. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popul...

SecurityReason - Apache (mod_status) Refresh Header - Open Redirector (XSS)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SecurityReason - Apache modstatus Refresh Header - Open Redirector XSS Author: sp3x Date: - - Written: 15.12.2007 - - Public: 15.01.2008 SecurityReason Research SecurityAlert Id: 50 CVE: CVE-2007-6388 SecurityRisk: Low Affected Software: Apache 2.2.x...

httpd, mod_ssl security update

CentOS Errata and Security Advisory CESA-2008:0006 Updated Apache httpd packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a...

httpd, mod_ssl security update

CentOS Errata and Security Advisory CESA-2008:0005 Updated Apache httpd packages that fix several security issues are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a...

Moderate: Red Hat Security Advisory: httpd security update

Updated Apache httpd packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular Web server. A flaw was found in the modimagemap...

httpd: mod_imagemap XSS

Cross-site scripting XSS vulnerability in the 1 modimap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the 2 modimagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

Moderate: Red Hat Security Advisory: httpd security update

Updated Apache httpd packages that correct security issues are now available for Red Hat Application Stack v1 This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular Web server. A flaw was found in the modimagemap...

Moderate: Red Hat Security Advisory: httpd security update

Updated Apache httpd packages that fix several security issues are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular Web server. A flaw was found in the modimap...

RHEL 3 : httpd (RHSA-2008:0005)

Updated Apache httpd packages that fix several security issues are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular Web server. A flaw was found in the modimap...

Apache 'mod_proxy_balancer'存在多个漏洞

BUGTRAQ ID: 27236 CVE ID:CVE-2007-6420 CVE-2007-6421 CVE-2007-6422 CVE-2007-6423 CNCVE ID:CNCVE-20076420 CNCVE-20076421 CNCVE-20076422 CNCVE-20076423 Apache HTTP Server是一款开放源码的WEB服务程序。 Apache HTTP Server包含的modproxybalancer模块存在输入验证问题，远程攻击者可以利用漏洞进行跨站脚本，CSRF，拒绝服务等攻击。 1，由于所有行为通过GET访问执行，存在“CSRF”攻击。...

Apache HTTP Server 2.2.6, 2.0.61和1.3.39 'mod_status'跨站脚本漏洞

BUGTRAQ ID: 27237 CVE ID:CVE-2007-6388 CNCVE ID:CNCVE-20076388 Apache HTTP Server是一款开放源码的WEB服务程序。 Apache HTTP Server包含的modstatus模块存在输入验证问题，远程攻击者可以利用漏洞进行跨站脚本攻击，可能获得目标用户敏感信息。 server-status页默认不启用。目前没有详细漏洞细节提供。 Posadis Posadis 1.3.31 Posadis Posadis 1.3.28 Apache Software Foundation Apache 2.2.6 Apac...

Apache 'mod_proxy_ftp'未定义字符集UTF-7跨站脚本漏洞

BUGTRAQ ID: 27234 CVE ID:CVE-2008-0005 CNCVE ID:CNCVE-20080005 Apache HTTP Server是一款开放源码的WEB服务程序。 Apache HTTP Server包含的modproxyftp模块存在输入验证问题，远程攻击者可以利用漏洞进行跨站脚本攻击，可能获得目标用户敏感信息。 modproxyftp.c存在跨站脚本问题，字符集没有定义，我们可以通过设置字符集未UTF-7，在URL中使用";"字符进行跨站脚本攻击。 Apache Software Foundation Apache 2.2.6 Apache...

CVE-2007-6420

Cross-site request forgery CSRF vulnerability in the balancer-manager in modproxybalancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors...

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in the balancer-manager in modproxybalancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors...

CVE-2007-6420

Cross-site request forgery CSRF vulnerability in the balancer-manager in modproxybalancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors...