1240 matches found

CERT
added 2003/06/24 12:0 a.m. | 35 views

Apache HTTPD contains denial of service vulnerability in basic authentication module

Overview: The Apache HTTP server contains a denial-of-service vulnerability that allows remote attackers to conduct denial-of-service attacks on the HTTP basic authentication module of an affected server. Description: The Apache HTTP server contains a denial-of-service vulnerability in the...

8.1 AI score
Exploits 0 | References 3
seebug.org
added 2003/06/08 12:0 a.m. | 25 views

Apache <= 2.0.45 APR Remote Exploit -Apache-Knacker.pl

No description provided by source. !/usr/bin/perl Apache 2.0.37 - 2.0.45 APR Exploit Written By Matthew Murphy This Perl script will successfully exploit any un-patched Apache 2.x servers. Base64 Encoder If you want authentication with the server via HTTP's lame Basic auth, put the proper string ...

7.1 AI score
Exploits 0
Apache Httpd
added 2003/04/25 12:0 a.m. | 35 views

Apache Httpd < 2.0.46 : Basic Authentication DoS

A build system problem in Apache 2.0.40 through 2.0.45 allows remote attackers to cause a denial of access to authenticated content when a threaded server is used...

5 CVSS | 5.2 AI score | 0.15122 EPSS
Exploits 0 | Affected Software 1
Cvelist
added 2003/02/26 5:0 a.m. | 23 views

CVE-2003-0101

miniserv.pl in (1) Webmin before 1.070 and (2) Usermin before 1.000 does not properly handle metacharacters such as line feeds and carriage returns (CRLF) in Base-64 encoded strings during Basic authentication, which allows remote attackers to spoof a session ID and gain root privileges...

6.5 AI score | 0.15469 EPSS
Exploits 0 | References 17
NVD
added 2002/12/31 5:0 a.m. | 11 views

CVE-2002-1654

iPlanet Web Server Enterprise Edition and Netscape Enterprise Server 4.0 and 4.1 allows remote attackers to conduct HTTP Basic Authentication via the wp-force-auth Web Publisher command, which provides a distinct attack vector and may make it easier to conduct brute force password guessing withou...

7.5 CVSS | 6.9 AI score | 0.02623 EPSS
Exploits 1 | References 8
NVD
added 2002/08/12 4:0 a.m. | 17 views

CVE-2002-0419

Information leaks in IIS 4 through 5.1 allow remote attackers to obtain potentially sensitive information or more easily conduct brute force attacks via responses from the server in which (2) in certain configurations, the server IP address is provided as the realm for Basic authentication, which...

5 CVSS | 6.5 AI score | 0.3624 EPSS
Exploits 1 | References 3
Cvelist
added 2002/06/11 4:0 a.m. | 17 views

CVE-2002-0578

Buffer overflow in 4D WebServer 6.7.3 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an HTTP request with Basic Authentication containing a long (1) user name or (2) password...

8.1 AI score | 0.035 EPSS
Exploits 0 | References 2
CVE
added 2002/06/11 4:0 a.m. | 46 views

CVE-2002-0578

CVE-2002-0578 affects 4D WebServer 6.7.3. A buffer overflow in handling HTTP requests with Basic Authentication containing an excessively long user name or password allows remote DoS and possibly arbitrary code execution. The vulnerability is triggered by crafted credentials in the request, poten...

7.5 CVSS | 8.5 AI score | 0.035 EPSS
Exploits 0 | References 2 | Affected Software 1
exploitpack
added 2002/04/11 12:0 a.m. | 20 views

IBM Informix Web Datablade 4.1x - Page Request SQL Injection

IBM Informix Web Datablade 4.1x - Page Request SQL Injection source: https://www.securityfocus.com/bid/4496/info Informix is an enterprise database distributed and maintained by IBM. The Web Datablade Module for Informix SQL, dynamically generates HTML content based on Database data. Web Datablad...

0.3 AI score
Exploits 0
CERT
added 2002/01/08 12:0 a.m. | 14 views

iPlanet Web Server Enterprise Edition and Netscape Enterprise Server Web Publisher command exposes server to brute force attack

Overview A vulnerability exists in iPlanet Web Server Enterprise Edition and Netscape Enterprise Server that allows an attacker to make repeated authentication attempts if a server is configured to use HTTP basic authentication. While the risk is not greater than any other brute force attack usin...

7.5 AI score
Exploits 0 | References 2
NVD
added 2001/12/31 5:0 a.m. | 17 views

CVE-2001-1550

CentraOne 5.2 and Centra ASP with basic authentication enabled creates world-writable base64 encoded log files, which allows local users to obtain cleartext passwords from decoded log files and impersonate users...

2.1 CVSS | 7.6 AI score | 0.00368 EPSS
Exploits 0 | References 4
Positive Technologies
added 2001/12/31 12:0 a.m. | 3 views

PT-2001-2581 · Thttpd · Thttpd

Name of the Vulnerable Software and Affected Versions: thttpd versions 1.95 through 2.20 Description: The issue is an off-by-one buffer overflow in Basic Authentication, allowing remote attackers to cause a denial of service and possibly execute arbitrary code. Recommendations: For versions 1.95...

9.8 CVSS | 8.5 AI score | 0.04837 EPSS
Exploits 0 | References 7
CVE
added 2001/09/12 4:0 a.m. | 38 views

CVE-1999-1372

CVE-1999-1372 concerns the deprecated Triactive Remote Manager with Basic authentication enabled, where credentials are stored in cleartext in registry keys. This storage flaw allows local users to gain privileges due to exposure of usernames and passwords and the local-privilege escalation risk ...

4.6 CVSS | 7.4 AI score | 0.00324 EPSS
Exploits 0 | References 1 | Affected Software 1
securityvulns
added 2000/10/16 12:0 a.m. | 28 views

Vulnerability in Internet Explorer (Cached Web Credentials)

After logging in to a protected part of a site, IE remembers the user's name and password and may send them when an unprotected part is accessed, which allows them to be intercepted in transit if basic authentication is used...

1.3 AI score
Exploits 0 | References 2 | Affected Software 1
CVE
added 2000/08/03 4:0 a.m. | 443 views

CVE-2000-0649

CVE-2000-0649 describes an HTTP internal IP disclosure in IIS 4.0: an attacker can obtain the server’s private IP by requesting a page protected with Basic Authentication (no realm) via HTTP/1.0. Connected documents (Metasploit IIS_INTERNAL_IP module, Nessus/Nessus-like plugin, OpenVAS NASL) corr...

2.6 CVSS | 6.9 AI score | 0.77076 EPSS
Exploits 3 | References 2 | Affected Software 2
NVD
added 2000/07/13 4:0 a.m. | 25 views

CVE-2000-0649

IIS 4.0 allows remote attackers to obtain the internal IP address of the server via an HTTP 1.0 request for a web page which is protected by basic authentication and has no realm defined...

2.6 CVSS | 6.8 AI score | 0.77076 EPSS
Exploits 3 | References 2
Exploit DB
added 2000/07/13 12:0 a.m. | 279 views

Microsoft IIS 2.0/3.0/4.0/5.0/5.1 - Internal IP Address Disclosure

source: https://www.securityfocus.com/bid/1499/info When a remote user attempts to access an area protected by basic authentication with no realm defined, while specifying HTTP 1.0, Microsoft IIS will return an Access Denied error message containing the internal IP address of the host. Even if II...

7.4 AI score
Exploits 0
NVD
added 1999/12/01 5:0 a.m. | 17 views

CVE-1999-0853

Buffer overflow in Netscape Enterprise Server and Netscape FastTrack Server allows remote attackers to gain privileges via the HTTP Basic Authentication procedure...

10 CVSS | 7.2 AI score | 0.03395 EPSS
Exploits 0 | References 1
Packet Storm
added 1999/08/17 12:0 a.m. | 44 views

asp-server-var.passwds.txt

Date: Wed, 12 Aug 1998 19:26:27 +0800 From: VINCENT LOK Subject: obtain domain users password via asp server variable Dear all, Just noticed that with basic authentication on IIS, one can obtain password of users accessing the ASP page via the server variable AUTHPASSWORD. The line in an asp file...

7.4 AI score
Exploits 0
NVD
added 1999/02/19 5:0 a.m. | 7 views

CVE-1999-1372

Triactive Remote Manager with Basic authentication enabled stores the username and password in cleartext in registry keys, which could allow local users to gain privileges...

4.6 CVSS | 7 AI score | 0.00324 EPSS
Exploits 0 | References 1