8064 matches found
CVE-2002-0654
CVE-2002-0654 affects Apache HTTP Server 2.0.x (up to 2.0.39) on Windows, OS/2 and NetWare. The vulnerability allows remote attackers to disclose the server’s full path by triggering errors from (1) a request for a .var file or (2) a failure when invoking a CGI child process, causing error messag...
CVE-2002-0661
Apache HTTP Server 2.0.x up to 2.0.39 on Windows/OS2/Netware is affected by CVE-2002-0661 through a directory traversal flaw. An attacker can use backslash-embedded ... sequences to read arbitrary files and, per sources, potentially execute commands via the vulnerable path. The issue is fixed in ...
security flaw
OSSP mm library libmm before 1.2.0 allows the local Apache user to gain privileges via temporary files, possibly via a symbolic link attack...
CVE-2001-1072
CVE-2001-1072 affects Apache with mod_rewrite enabled on UNIX systems. The vulnerability arises when an attacker can insert extra / characters into the requested path, causing the RewriteRule’s regular expression to fail and allowing the path to bypass RewriteRules. The affected component is mod_...
CVE-2001-1342
Apache httpd before 1.3.20 on Windows and OS/2 is vulnerable to a denial-of-service via a crafted URI containing many slashes or other characters, which causes dereferencing of a NULL pointer in certain functions. The issue leads to a General Protection Fault in a child process when handling the ...
Apache mod_ssl 2.8.x - Off-by-One HTAccess Buffer Overflow
Apache mod_ssl 2.8.x - Off-by-One HTAccess Buffer Overflow source: https://www.securityfocus.com/bid/5084/info An off-by-one issue exists in mod_ssl that affects Apache when handling certain types of long entries in an .htaccess file. Though this capability within the web server is not enabled by...
security flaw
Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size...
Apache Chunked Encoding Remote Overflow
The remote Apache web server is affected by the Apache web server chunk handling vulnerability. If safe checks are enabled, this may be a false positive since it is based on the version of Apache. Although unpatched Apache versions 1.2.2 and above, 1.3 through 1.3.24, and 2.0 through 2.0.36 are...
Apache on Windows php.exe Malformed Request Path Disclosure
The version of Apache running on the remote Windows host will reveal the physical path of the PHP cgi binary when sent a specially crafted HTTP GET request...
FreeBSD-SA-02:26.accept
FreeBSD-SA-02:26.accept Security Advisory, The FreeBSD Project. Topic: Remote denial-of-service when using accept filters. Category: core. Module: kernel. Announced: 2002-05-29. Credits: Mik...
DEBIAN-CVE-2002-1592
The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI application encounters an error, sends error messages to the client that include the full path for the server, which allows remote attackers to obtain sensitive information...
CVE-2002-0240
PHP, when installed with Apache and configured to search for index.php as a default web page, allows remote attackers to obtain the full pathname of the server via the HTTP OPTIONS method, which reveals the pathname in the resulting error message...
CVE-2002-0240
CVE-2002-0240 affects PHP when deployed with Apache and configured to serve index.php by default. The vulnerability allows remote attackers to learn the server’s full pathname via the HTTP OPTIONS method, resulting in a partial confidentiality impact (PARTIAL) without impact to integrity/availability,...
CVE-2001-1216
CVE-2001-1216 affects Oracle 9i Application Server’s PL/SQL Apache module (mod_plsql). A buffer overflow in the mod_plsql/PLSQL path can be triggered by a long request for a help page, allowing remote attackers to execute arbitrary code or cause a crash. The vulnerability is tied to Oracle 9iAS’s...
CVE-2001-0590
CVE-2001-0590 affects Apache Tomcat Servlet prior to 3.2.2. A malformed URL request that does not end with a protocol (e.g., HTTP/1.0) can cause a remote attacker to read the source code of arbitrary JSP files, constituting information disclosure. The issue is confirmed in multiple sources tying ...
CVE-2001-0925
The CVE-2001-0925 entry describes a vulnerability in the default installation of Apache prior to 1.3.19 where a crafted HTTP request containing many slashes can cause directory listings (instead of the multiview index) due to mishandling by mod_negotiation, mod_dir, or mod_autoindex. Affected sof...
CVE-2001-1013
Apache on Red Hat Linux with the UserDir directive enabled is affected by CVE-2001-1013. The vulnerability arises because the web server generates different error codes depending on whether a username exists and a public_html directory is present, versus when the username does not exist. This beh...
Apache 1.3.20 (Win32) - 'PHP.exe' Remote File Disclosure
source: https://www.securityfocus.com/bid/3786/info A vulnerability exists in the suggested default configuration for the Apache PHP.EXE binary on Microsoft Windows platforms. This issue has the potential to disclose the contents of arbitrary files to remote attackers. As a result, it is possible...
CVE-2001-1534
mod_usertrack in Apache 1.3.11 through 1.3.20 generates session IDs using predictable information including host IP address, system time and server process ID, which allows local users to obtain session IDs and bypass authentication when these session IDs are used for authentication...
CVE-2001-0729
CVE-2001-0729 concerns Apache HTTP Server on Windows (Win32) where a bug in Apache 1.3.20 can expose directory contents. The vulnerability arises when a client sends a very long URI composed of many forward slashes, allowing a remote attacker to bypass the default index page and cause directory l...