
8064 matches found

CVE
added 2004/05/28 4:0 a.m., 169 views

CVE-2004-0488

The provided documents confirm CVE-2004-0488: a stack-based buffer overflow in the ssl_util_uuencode_binary function of ssl_util.c used by Apache mod_ssl when configured to trust the issuing CA. This can allow remote code execution via a client certificate with a long subject DN. The issue affect...

CVSS 7.5, AI score 9.7, EPSS 0.62663
Exploits: 0, References: 31, Affected Software: 1
Slackware Linux
added 2004/05/12 4:54 p.m., 48 views

apache

New apache packages are available for Slackware 8.1, 9.0, 9.1, and -current to fix security issues. These include a possible denial-of-service attack as well as the ability to possibly pipe shell escapes through Apache's errorlog which could create an exploit if the error log is read in a termina...

CVSS 7.5, AI score 6.5, EPSS 0.2626
Exploits: 8
NVD
added 2004/03/29 5:0 a.m., 17 views

CVE-2004-0113

Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server...

CVSS 5, AI score 7.3, EPSS 0.15723
Exploits: 0, References: 29
OSV
added 2004/03/29 5:0 a.m., 4 views

CVE-2004-0113

Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server...

AI score 6.4
Exploits: 0, References: 30
CVE
added 2004/03/25 5:0 a.m., 98 views

CVE-2004-0174

CVE-2004-0174 affects Apache HTTP Server via a denial-of-service condition caused by handling multiple listening sockets. OpenVAS entries describe the vulnerability as applicable to Apache versions older than 2.0.49 or 1.3.31, where a remote attacker can block new connections by targeting a rarel...

CVSS 7.5, AI score 7.3, EPSS 0.1992
Exploits: 0, References: 35, Affected Software: 1
CERT
added 2004/03/23 12:0 a.m., 12 views

ModSecurity for Apache vulnerable to off-by-one overflow when directive "SecFilterScanPost" is enabled

Overview: A vulnerability in the modsecurity module for Apache may permit a remote attacker to execute arbitrary code on the vulnerable web server. Description: ModSecurity is an open source intrusion detection and prevention engine for web applications. The modsecurity module for Apache 2.0.X...

AI score 8.2
Exploits: 0, References: 2
securityvulns
added 2004/03/22 12:0 a.m., 28 views

Apache mod_disk_cache information leak

Full headers, including authentication information, are stored in file...

AI score 2
Exploits: 0, References: 1, Affected Software: 1
RedHat Linux
added 2004/03/17 5:20 p.m., 2 views

security flaw

Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures...

CVSS 7.2, AI score 6.5, EPSS 0.00523
Exploits: 0, References: 4
NVD
added 2004/02/03 5:0 a.m., 18 views

CVE-2004-1082

mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials...

CVSS 7.5, AI score 6.7, EPSS 0.05654
Exploits: 0, References: 5
CVE
added 2004/02/03 5:0 a.m., 125 views

CVE-2003-0987

CVE-2003-0987 affects Apache’s mod_digest prior to 1.3.31, where nonce verification using an AuthNonce secret can enable a replay attack. Affected component: mod_digest in the Apache HTTP Server. Root cause: improper nonce validation allows interception and replay of Digest authentication sequenc...

CVSS 7.5, AI score 7.5, EPSS 0.19648
Exploits: 0, References: 25, Affected Software: 1
securityvulns
added 2004/01/22 12:0 a.m., 31 views

Apache mod_php and mod_perl file descriptor leak

Descriptor leakage allows spoofing of an https session in a child process...

AI score 0.8
Exploits: 0, References: 3, Affected Software: 2
RedHat Linux
added 2004/01/14 1:12 p.m., 1 views

security flaw

Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures...

CVSS 7.2, AI score 6.5, EPSS 0.00523
Exploits: 0, References: 4
0day.today
added 2003/12/06 12:0 a.m., 20 views

Apache 1.3.*-2.0.48 mod_userdir Remote Users Disclosure Exploit

Exploit for linux platform in category remote exploits. Apache 1.3.*-2.0.48 mod_userdir Remote Users Disclosure Exploit. m00-apache-w00t.c: Apache 1.3.*-2.0.48 remote users...

AI score 7.1
Exploits: 0
Exploit DB
added 2003/11/20 12:0 a.m., 50 views

Apache mod_gzip (with debug_mode) 1.2.26.1a - Remote Overflow

exploit code for mod_gzip with debug_mode include include netd...

AI score 7
Exploits: 0
OSV
added 2003/11/03 5:0 a.m., 1 views

DEBIAN-CVE-2003-0789

mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not properly handle CGI redirect paths, which could cause Apache to send the output of a CGI program to the wrong client...

CVSS 10, AI score 6.5, EPSS 0.08237
Exploits: 0, References: 1
CVE
added 2003/10/30 5:0 a.m., 220 views

CVE-2003-0542

The CVE-2003-0542 entry applies to Apache before 1.3.29, where multiple stack-based buffer overflows affect mod_alias and mod_rewrite. The root cause is a vulnerability in a regular expression with more than 9 captures, allowing an attacker to crash the server or execute arbitrary code via crafte...

CVSS 7.2, AI score 7.8, EPSS 0.00523
Exploits: 0, References: 53, Affected Software: 1
CVE
added 2003/10/30 5:0 a.m., 184 views

CVE-2003-0789

The provided documents confirm CVE-2003-0789 is an Apache mod_cgid issue where CGI redirect paths are mishandled when using a threaded MPM, potentially causing CGI output to be sent to the wrong client. This is tied to the mod_cgid component of Apache and is discussed alongside CAN-2003-0542 (buf...

CVSS 10, AI score 7.3, EPSS 0.08237
Exploits: 0, References: 27, Affected Software: 1
CVE
added 2003/10/09 4:0 a.m., 44 views

CVE-2003-0844

The CVE affects mod_gzip 1.3.26.1a and earlier. In debug mode without the Apache log, it allows local users to overwrite arbitrary files via (1) a symlink attack on predictable temporary filenames on Unix, or (2) an NTFS hard link on Windows when the policy to strengthen default permissions is no...

CVSS 7.1, AI score 6.9, EPSS 0.00086
Exploits: 0, References: 1, Affected Software: 1
CVE
added 2003/09/19 4:0 a.m., 68 views

CVE-2002-1567

CVE-2002-1567 is an XSS vulnerability in Apache Tomcat 4.1 where an attacker can cause script execution and cookie theft by crafting a URL containing encoded newline characters that precede a .jsp request. The underlying issue is improper sanitization of request strings in Tomcat 4.1 (affecting 4...

CVSS 6.8, AI score 6.1, EPSS 0.41657
Exploits: 1, References: 5, Affected Software: 1
CVE
added 2003/09/03 4:0 a.m., 61 views

CVE-2003-0658

The CVE-2003-0658 issue affects Docview prior to 1.1-18 in Caldera OpenLinux 3.1.1, SCO Linux 4.0, and OpenServer 5.0.7, where Apache is misconfigured to allow remote attackers to read arbitrary publicly readable files via a specific URL (likely related to rewrite rules). The PT security document...

CVSS 5, AI score 7.1, EPSS 0.00388
Exploits: 0, References: 1, Affected Software: 3