8064 matches found
mod_jk -- information disclosure
Kazu Nambo reports: URL decoding in the Apache webserver prior to decoding in the Tomcat server could bypass access control rules and give access to pages on a different AJP by sending a crafted URL...
Apache mod_security: Rule bypass
Background: mod_security is an Apache module designed for enhancing the security of the Apache web server. Description: Stefan Esser discovered that mod_security processes NULL characters as terminators in POST requests using the application/x-www-form-urlencoded encoding type, while other parsers us...
SOL6878 - Apache Rewrite module (mod_rewrite) vulnerabilities CVE-2006-3747
This security advisory describes an off-by-one error, which means the bits are shifted to the left or the right by one value, in the LDAP scheme handling of the Apache Rewrite module. The vulnerability within the Apache Rewrite module allows remote attackers to cause a Denial of Service attack or...
SOL5857 - Client certificate check vulnerability in Apache - CVE-2005-2700
In the default configuration, BIG-IP and 3-DNS do not require client certificates to connect to the Configuration utility. This vulnerability cannot be exploited without making unsupported changes to the BIG-IP or 3-DNS web server configuration. This problem was tracked as CR53583 and CR53585 and...
SOL5576 - Authentication vulnerability in Apache mod_digest - CAN-2003-0987
Vulnerability description: mod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using an AuthNonce secret. Information about this advisory is available at the following location:...
SOL5534 - Apache mod_proxy message format vulnerability - CAN-2004-0700
Vulnerability description: Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled...
SOL3144 - Apache mod_alias buffer overflow vulnerability - CAN-2003-0542
Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures. Although the Configuration utility for F5...
SOL1989 - Apache/mod_ssl Worm vulnerability CA-2002-27
CERT Advisory CA-2002-27 reports a vulnerability that affects many operating systems. For more information about the vulnerability, refer to the following CERT website:...
SOL5278 - Apache mod_ssl SSLVerifyClient bypass - CAN-2005-2700
Apache mod_ssl SSLVerifyClient bypass vulnerability CAN-2005-2700. Information about this advisory is available at the following location:...
Debian DSA-1247-1 : libapache-mod-auth-kerb - heap overflow
An off-by-one error leading to a heap-based buffer overflow has been identified in libapache-mod-auth-kerb, an Apache module for Kerberos authentication. The error could allow an attacker to trigger an application crash or potentially execute arbitrary code by sending a specially crafted Kerberos...
php security update
CentOS Errata and Security Advisory CESA-2007:0348 Updated PHP packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting langua...
CVE-2006-7195
Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values...
CVE-2007-1858
The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts...
php security update
CentOS Errata and Security Advisory CESA-2007:0349 Updated PHP packages that fix two security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting language...
Important: Red Hat Security Advisory: php security update
Updated PHP packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server. A...
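Apache AXIS Non-Existent WSDL Path Information Disclosure Vulnerability
Apache AXIS is a subproject of the Apache Web Services project for building SOAP-based application solutions. Apache AXIS has an information disclosure issue that remote attackers can use to obtain the web service directory path. When a remote attacker requests a nonexistent WSDL (Web Services Description Language) file, an error occurs in the java.io.FileNotFoundException function and the software's physical path is returned to the attacker, who can use this information to carry out further attacks on the system. Apache AXIS 1.0. No solution is currently available: http://ws.apache.org/axis/...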
Drake CMS (v0.4.0) - CRLF Injection Vulnerability
Drake CMS v0.4.0 - CRLF Injection Vulnerability Vulnerable files: index.php HTTP Request: ------------- POST /index.php?lang=0d0aINJECTEDHEADER3Ainjecteddata HTTP/1.0 Accept: / Content-Type: application/x-www-form-urlencoded User-Agent: Browser/1.0 compatible; MSIE 6.0; Windows NT 5.0; .NET CLR...
GLSA-200705-04 : Apache mod_perl: Denial of Service
The remote host is affected by the vulnerability described in GLSA-200705-04 (Apache mod_perl: Denial of Service). Alex Solvey discovered that the 'path_info' variable used in file RegistryCooker.pm (mod_perl 2.x) or file PerlRun.pm (mod_perl 1.x), is not properly escaped before being processed. Impact : A...
Apache mod_perl: Denial of service
Background: Mod_perl is an Apache module that embeds the Perl interpreter within the server, allowing Perl-based web-applications to be created. Description: Alex Solvey discovered that the "path_info" variable used in file RegistryCooker.pm (mod_perl 2.x) or file PerlRun.pm (mod_perl 1.x), is not properly...