8064 matches found
Important: Red Hat Security Advisory: php security update
Updated PHP packages that fix two security issues are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server. A bug was discovered in the PEAR...
CVE-2005-2088
The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Lengt...
CVE-2005-2088
The CVE-2005-2088 vulnerability affects the Apache HTTP Server when acting as an HTTP proxy. Specifically, versions before 1.3.34 and 2.0.x before 2.0.55 are susceptible. The issue arises from handling a request containing both Transfer-Encoding: chunked and Content-Length, causing the body to be...
Apache HTTP Request Parsing HTML Injection
Binary data 3042.prm...
CVE-2002-1850
mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attackers to cause a denial of service (hang and memory consumption) by causing a CGI script to send a large amount of data to stderr, which results in a read/write deadlock between httpd and the CGI script...
CVE-2002-1850
The CVE-2002-1850 issue affects Apache’s mod_cgi in versions 2.0.39 and 2.0.40. A CGI script that writes a large amount of data to stderr can trigger a read/write deadlock between httpd and the CGI script, allowing local users and possibly remote attackers to cause a denial of service (hang and m...
CVE-2005-1266
CVE-2005-1266 affects Apache SpamAssassin 3.0.1–3.0.3, where a remote attacker can trigger a denial of service by sending a message with a long Content-Type header and no boundaries, causing CPU consumption. The issue is documented across multiple advisories and vendors, with Debian, Red Hat, CentO...
CVE-2005-1266
Apache SpamAssassin 3.0.1, 3.0.2, and 3.0.3 allows remote attackers to cause a denial of service (CPU consumption and slowdown) via a message with a long Content-Type header without any boundaries...
Apache 2.0.49 - Arbitrary Long HTTP Headers Denial of Service
Apache 2.0.49 - Arbitrary Long HTTP Headers Denial of Service /usr/bin/perl -w use IO::Socket::INET; usage unless @ARGV == 2; my $host = shift@ARGV; my $port = shift@ARGV; sub usage print "\n"; print "\n Apache HTTPd Arbitrary Long HTTP Headers DoS \n"; print " Tested Versions : 2 newproto='tcp',...
Apache <= 2.0.49 Arbitrary Long HTTP Headers Denial of Service
Exploit for multiple platform in category dos / poc ============================================================== Apache newproto='tcp', PeerAddr=$host, PeerPort=$port; $socket or die "Cannot connect to the host.\n"; binmode$sock; $hostname="Host: $host"; $buf2='A'x50; $buf4='A'x8183;...
CYBSEC - PHPMailer Infinite Loop Denial of Service
CYBSEC S.A. www.cybsec.com Advisory Name: PHPMailer Infinite Loop Denial of Service ============== Vulnerability Class: Denial of Service ==================== Release Date: 05.27.2005 ============= Affected Applications: ====================== PHPMailer = 1.72 Affected Platforms:...
CVE-2004-2115
Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTTP Server 1.3.22, based on Apache, allow remote attackers to execute arbitrary script as other users via the (1) action, (2) username, or (3) password parameters in an isqlplus request...
CVE-2004-2115
Oracle HTTP Server 1.3.22 (based on Apache) is affected by CVE-2004-2115, a cross-site scripting (XSS) vulnerability in which remote attackers can inject and execute arbitrary script as other users via the isqlplus request’s (action, username, or password) parameters. The CVE entry cites this as ...
USN-133-1: Apache utility vulnerability
A buffer overflow was discovered in the "htpasswd" utility. This could be exploited to execute arbitrary code with the privileges of the user invoking htpasswd. This is only a security vulnerability if you have a website that offers a public interface to htpasswd without checking the input...
Apache 1.3.x - HTDigest Realm Command Line Argument Buffer Overflow (2)
Apache 1.3.x - HTDigest Realm Command Line Argument Buffer Overflow 2 // source: https://www.securityfocus.com/bid/13537/info A buffer overflow vulnerability exists in the htdigest utility included with Apache. The vulnerability is due to improper bounds checking when copying user-supplied realm...