8064 matches found
Apache 1.3.x - HTDigest Realm Command Line Argument Buffer Overflow (2)
// source: https://www.securityfocus.com/bid/13537/info A buffer overflow vulnerability exists in the htdigest utility included with Apache. The vulnerability is due to improper bounds checking when copying user-supplied realm data into local buffers. By supplying an overly long realm value to th...
CVE-2004-1834
mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, including authentication information, on the hard disk, which could allow local users to gain sensitive information...
CVE-2003-1138
The default configuration of Apache 2.0.40, as shipped with Red Hat Linux 9.0, allows remote attackers to list directory contents, even if auto indexing is turned off and there is a default web page configured, via a GET request containing a double slash (//)...
CVE-2003-1172
Directory traversal vulnerability in the view-source sample file in Apache Software Foundation Cocoon 2.1 and 2.2 allows remote attackers to access arbitrary files via a .. (dot dot) in the filename parameter...
CVE-2003-1138
The CVE-2003-1138 issue affects Apache 2.0.40 as shipped with Red Hat Linux 9.0. The vulnerability arises from handling a GET request containing a double slash (//), which allows remote attackers to list directory contents despite auto indexing being disabled or a default page configured. The sec...
CVE-2003-1171
The CVE-2003-1171 entry describes a heap-based buffer overflow in the sec_filter_out function of mod_security 1.7RC1 through 1.7.1 running on Apache 2, enabling remote code execution when a server-side script sends a large amount of data. Affected component: mod_security (Apache 2 integration). U...
CVE-2003-1172
The CVE-2003-1172 entry concerns a directory traversal vulnerability in the view-source sample file of Apache Cocoon 2.1 and 2.2. The flaw allows remote attackers to access arbitrary files by supplying a .. (dot dot) sequence in the filename parameter. This is a server-side path traversal issue w...
CVE-2004-1834
The CVE-2004-1834 issue affects mod_disk_cache in Apache 2.0–2.0.49, which stores client headers (including authentication information) on disk, potentially allowing local users to access sensitive data. The provided documents confirm the vulnerability description but do not specify a concrete fi...
php security update
CentOS Errata and Security Advisory CESA-2005:406 Updated PHP packages that fix various security issues are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting language commonly used with the Apache...
Mac OS X Multiple Vulnerabilities (Security Update 2005-005)
The remote host is missing Security Update 2005-005. This security update contains fixes for the following applications: Apache, AppKit, AppleScript, Bluetooth, Directory Services, Finder, Foundation, HelpViewer, LDAP, libXpm, lukemftpd, NetInfo, ServerAdmin, sudo, Terminal, VPN...
DEBIAN-CVE-2005-1344
Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is...
php security update
CentOS Errata and Security Advisory CESA-2005:405 Updated PHP packages that fix various security issues are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting language commonly used with the Apache...
Moderate: Red Hat Security Advisory: PHP security update
Updated PHP packages that fix various security issues are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server. A bug was found in the way PHP...
CVE-2002-1658
Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow attackers to execute arbitrary code via a long user argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless...
CVE-2005-1344
Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is...
CVE-2005-1344
CVE-2005-1344 describes a buffer overflow in Apache's htdigest (version 2.0.52) that could allow arbitrary code execution via a long realm argument. The advisory notes that htdigest is typically locally accessible and not setuid/setgid, so privilege escalation is unlikely unless htdigest is invok...
CVE-2002-1658
CVE-2002-1658 describes a buffer overflow in htdigest used by Apache 1.3.26/1.3.27 that may allow arbitrary code execution via a long user argument. The vulnerability is tied to htdigest functionality, with local access as the attack vector and no setuid/setgid context; escalation of privileges i...
CVE-2004-1082
mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials...
CVE-2001-1449
The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories...