Apache Auth Module SQL Insertion Attack

This plugin checks whether the web server is using Apache Auth modules which are known to be vulnerable to SQL insertion attacks. OpenVAS Vulnerability Test $Id: apacheauthsqlinsertion.nasl 8023 2017-12-07 08:36:26Z teissa $ Description: Apache Auth Module SQL Insertion Attack Authors: 2001 Matt...

Apache UserDir Sensitive Information Disclosure

An information leak occurs on Apache based web servers whenever the UserDir module is enabled. The vulnerability allows an external attacker to enumerate existing accounts by requesting access to their home directory and monitoring the response. OpenVAS Vulnerability Test $Id: apacheusername.nasl...

Apache Input Header Folding and mod_ssl ssl_io_filter_cleanup DoS Vulnerabilities

The remote host appears to be running a version of Apache 2.x which is older than 2.0.50. There is denial of service in apache httpd 2.0.x by sending a specially crafted HTTP request. It is possible to consume arbitrary amount of memory. On 64 bit systems with more than 4GB virtual memory this ma...

Apache mod_include privilege escalation

The remote web server appears to be running a version of Apache that is older than version 1.3.33. This version is vulnerable to a local buffer overflow in the gettag function of the module 'modinclude' when a specially crafted document with malformed server-side includes is requested though an...

Oracle 9iAS mod_plsql Buffer Overflow

Oracle 9i Application Server uses Apache as it's web server. There is a buffer overflow in the modplsql module which allows an attacker to run arbitrary code. OpenVAS Vulnerability Test $Id: oracle9imodplsqloverflow.nasl 8023 2017-12-07 08:36:26Z teissa $ Description: Oracle 9iAS modplsql Buffer...

mod_access_referer 1.0.2 NULL pointer dereference

The remote web server may be using a modaccessreferer apache module which contains a NULL pointer dereference bug, Abuse of this vulnerability can possibly be used in denial of service attackers against affected systems. OpenVAS Vulnerability Test $Id: modaccessreferer.nasl 8023 2017-12-07...

Apache mod_access rule bypass

The target is running an Apache web server that may not properly handle access controls. In effect, on big-endian 64-bit platforms, Apache fails to match allow or deny rules containing an IP address but not a netmask. OpenVAS has determined the vulnerability exists only by looking at the Server...

CuteNews <= 1.4.1 (shell inject) Remote Command Execution Exploit

No description provided by source. ?php ---cuten141xpl.php 7.13 03/11/2005 CuteNews 1.4.1 shell injection by rgod site: http://rgod.altervista.org usage: launch form Apache, fill in requested fields, then go! make these changes in php.ini if you have troubles with this script:...

Apache HTTP Server /server-status Accessible (HTTP)

Requesting the URI /server-status provides information on the server activity and performance. SPDX-FileCopyrightText: 2005 StrongHoldNet SPDX-FileCopyrightText: New NASL / detection code since 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyrigh...

Apache HTTP Server 'mod_access_referer' 1.0.2 NULL Pointer Dereference Vulnerability

Apache HTTP Server running the SPDX-FileCopyrightText: 2003 Xue Yong Zhi Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:httpserver"; ifdescription...

Apache Tomcat source.jsp Malformed Request Information Disclosure Vulnerability - Active Check

The source.jsp file, distributed with Apache Tomcat server, will disclose information when passed a malformed request. SPDX-FileCopyrightText: 2004 David Kyger Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

Apache Tomcat < 3.3.1a Directory Listing and File Disclosure Vulnerability - Active Check

Apache Tomcat is prone to a directory listing and a file disclosure vulnerability. SPDX-FileCopyrightText: 2003 A.D.Consulting Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Apache HTTP Server 'mod_rootme' Backdoor

The remote system appears to be running the modrootme module, this module silently allows a user to gain a root shell access to the machine via HTTP requests. SPDX-FileCopyrightText: 2004 Noam Rathaus Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the...

Apache HTTP Server 'mod_proxy' Content-length Buffer Overflow Vulnerabilities

The remote web server appears to be running a version of Apache HTTP Server that is older than version 1.3.32. This version is vulnerable to a heap based buffer overflow in proxyutil.c for modproxy. SPDX-FileCopyrightText: 2004 David Maciejak Some text descriptions might be excerpted from a...

Apache HTTP Server Directory Listing

By making a request to the Apache HTTP server ending in SPDX-FileCopyrightText: 2001 Matt Moore Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only Requests can be: /?M=A or /?S=D etc Note:...

JServ Cross Site Scripting

The remote web server is vulnerable to a cross-site scripting issue. Older versions of JServ including the version shipped with Oracle9i App Server v1.0.2 are vulnerable to a cross site scripting attack using a request for a non-existent .JSP file. SPDX-FileCopyrightText: 2002 Matt Moore Some tex...

HTTP Cookie Overflow DoS Vulnerability

It was possible to kill the web server by sending an invalid request with a too long Cookie name or value. SPDX-FileCopyrightText: 2002 Michel Arboi Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

Apache HTTP Server <= 1.3.33 htpasswd Local Overflow Vulnerability

The remote host appears to be running Apache HTTP Server 1.3.33 or older. There is a local buffer overflow in the SPDX-FileCopyrightText: 2004 David Maciejak Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

Apache HTTP Server 'mod_access' Rule Bypass Vulnerability

The target is running an Apache web server that may not properly handle access controls. SPDX-FileCopyrightText: 2004 George A. Theall Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CP...

Tripwire for Webpages Detection (HTTP)

We detected the remote web server is running Tripwire for Webpages under the Apache HTTP Server. SPDX-FileCopyrightText: 2001 SecuriTeam Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...