8064 matches found
Fedora Core 5 : spamassassin-3.1.9-1.fc5.1 (2007-584)
Local symlink vulnerability. Fedora is not vulnerable in any default or common configurations. Read upstream's announcement for details. http://spamassassin.apache.org/advisories/CVE-2007-2873.txt Note that Tenable Network Security has extracted the preceding description block directly from the...
Apache MyFaces Tomahawk JSF Framework 1.1.5 - 'Autoscroll' Cross-Site Scripting
source: https://www.securityfocus.com/bid/24480/info Apache Tomahawk MyFaces JSF Framework is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. Exploiting this vulnerability may allow an attacker to launch cross-site scripting attacks on...
RHEL 3 / 4 / 5 : mod_perl (RHSA-2007:0395)
Updated mod_perl packages that fix a security issue are now available for Red Hat Enterprise Linux 3, 4, 5. This update has been rated as having low security impact by the Red Hat Security Response Team. Mod_perl incorporates a Perl interpreter into the Apache web server, so that the Apache web...
apache mod rewrite exploit (win32)
No description provided by source. / apache mod rewrite exploit win32 By: fabio/b0x oc-192, old CoTS member Vuln details: http://www.securityfocus.com/archive/1/archive/1/443870/100/0/threaded Code: bind shell on port 4445, tested on apache 2.0.58 with mod_rewrite windows 2003...
CVE-2007-1862
The recall_headers function in mod_mem_cache in Apache 2.2.4 does not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously used data, which could be used by remote attackers to obtain potentially sensitive information...
Information disclosure
The recall_headers function in mod_mem_cache in Apache 2.2.4 does not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously used data, which could be used by remote attackers to obtain potentially sensitive information...
CVE-2007-1862
The CVE-2007-1862 issue affects Apache 2.2.4’s mod_mem_cache recall_headers, where not all header levels are copied, potentially causing HTTP responses to include previously used data. This could lead to information disclosure to remote attackers. Connected advisories confirm affected packages an...
mod_jk sends decoded URL to tomcat
mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. dot dot sequences and...
Apache 2.0.58 mod_rewrite Remote Overflow Exploit (win2k3)
No description provided by source. / apache mod rewrite exploit win32 By: fabio/b0x oc-192, old CoTS member Vuln details: http://www.securityfocus.com/archive/1/archive/1/443870/100/0/threaded Code: bind shell on port 4445, tested on apache 2.0.58 with mod_rewrite windows 2003...
jsp vulnerabilities and solutions-vulnerability warning-the black bar safety net
Overview: Server vulnerabilities are the origin of security problems, and most attacks on a site start from finding its vulnerabilities. Only by understanding its own vulnerabilities can a site's managers take appropriate measures to prevent outside attacks. The following describes some ...
Apache 2.0.58 mod_rewrite Remote Overflow Exploit (win2k3)
Exploit for unknown platform in category remote exploits ========================================================== Apache 2.0.58 mod_rewrite Remote Overflow Exploit win2k3 ========================================================== / apache mod rewrite exploit win32 By: fabio/b0x oc-192, old CoTS...
Apache 2.0.58 mod_rewrite (Windows 2003) - Remote Overflow
/ apache mod rewrite exploit win32 By: fabio/b0x oc-192, old CoTS member Vuln details: http://www.securityfocus.com/archive/1/archive/1/443870/100/0/threaded Code: bind shell on port 4445, tested on apache 2.0.58 with mod_rewrite windows 2003 original exploit http://milw0rm.com/exploits/3680 only...
[SECURITY] Fedora Core 5 Update: php-5.1.6-1.6
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated webpages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...
Apache mod_jk 1.2.20 Buffer Overflow
This is a stack buffer overflow exploit for mod_jk 1.2.20. Should work on any Win32 OS. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache mod_jk 1.2.20 Buffer Overflow', 'Description' = %q...
GLSA-200705-17 : Apache mod_security: Rule bypass
The remote host is affected by the vulnerability described in GLSA-200705-17 Apache mod_security: Rule bypass Stefan Esser discovered that mod_security processes NULL characters as terminators in POST requests using the application/x-www-form-urlencoded encoding type, while other parsers used in we...
[CVE-2007-1355] Tomcat documentation XSS vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2007-1355: Tomcat documentation XSS vulnerabilities Severity: Moderate Cross-site scripting Vendor: The Apache Software Foundation Versions Affected: Tomcat 4.0.0 to 4.0.6 Tomcat 4.1.0 to 4.1.36 Tomcat 5.0.0 to 5.0.30 Tomcat 5.5.0 to 5.5.23 Tomcat...
Apache 2.0.52 Multiple Space Header DoS
No description provided by source. !/usr/bin/perl Noam Rathaus of Beyond Security Ltd. use strict; use IO::Socket::INET; usage unless @ARGV == 2; my $host = shift@ARGV; my $port = shift@ARGV; my $socket = IO::Socket::INET-newproto='tcp', PeerAddr=$host, PeerPort=$port; ...