4189 matches found

Apache Httpd
added 2003/04/25 12:0 a.m. · 36 views

Apache Httpd < 2.0.46 : Basic Authentication DoS

A build system problem in Apache 2.0.40 through 2.0.45 allows remote attackers to cause a denial of access to authenticated content when a threaded server is used...

CVSS 5 · AI score 5.2 · EPSS 0.15122
Exploits 0 · Affected Software 1

NVD
added 2003/04/11 4:0 a.m. · 14 views

CVE-2002-1407

TinySSL 1.02 and earlier does not verify the Basic Constraints for an intermediate CA-signed certificate, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack...

CVSS 7.5 · AI score 6.6 · EPSS 0.01057
Exploits 1 · References 4

Tenable Nessus
added 2003/03/25 12:0 a.m. · 155 views

NETGEAR ProSafe VPN Firewall Web Server Malformed Basic Authorization Header Remote DoS (intrusive check)

It was possible to crash the remote Web server (possibly the NETGEAR ProSafe VPN Web interface) by supplying a long malformed username and password. An attacker may use this flaw to disable the remote service. TRUSTED...

AI score 5.5
Exploits 0

Cvelist
added 2003/02/26 5:0 a.m. · 25 views

CVE-2003-0101

miniserv.pl in (1) Webmin before 1.070 and (2) Usermin before 1.000 does not properly handle metacharacters such as line feeds and carriage returns (CRLF) in Base-64 encoded strings during Basic authentication, which allows remote attackers to spoof a session ID and gain root privileges...

AI score 6.5 · EPSS 0.15469
Exploits 0 · References 17

NVD
added 2002/12/31 5:0 a.m. · 13 views

CVE-2002-1654

iPlanet Web Server Enterprise Edition and Netscape Enterprise Server 4.0 and 4.1 allows remote attackers to conduct HTTP Basic Authentication via the wp-force-auth Web Publisher command, which provides a distinct attack vector and may make it easier to conduct brute force password guessing withou...

CVSS 7.5 · AI score 6.9 · EPSS 0.02623
Exploits 1 · References 8

Positive Technologies
added 2002/09/10 12:0 a.m. · 2 views

PT-2002-1876 · Microsoft · Outlook Express For Mac +3

Name of the Vulnerable Software and Affected Versions: Microsoft Windows versions 98 through XP; Office for Mac (affected versions not specified); Internet Explorer for Mac (affected versions not specified); Outlook Express for Mac (affected versions not specified). Description: The issue concerns the...

CVSS 6.8 · AI score 6.2 · EPSS 0.18675
Exploits 0 · References 12

NVD
added 2002/08/12 4:0 a.m. · 18 views

CVE-2002-0419

Information leaks in IIS 4 through 5.1 allow remote attackers to obtain potentially sensitive information or more easily conduct brute force attacks via responses from the server in which (2) in certain configurations, the server IP address is provided as the realm for Basic authentication, which...

CVSS 5 · AI score 6.5 · EPSS 0.3624
Exploits 1 · References 3

NVD
added 2002/08/12 4:0 a.m. · 24 views

CVE-2002-0619

The Mail Merge Tool in Microsoft Word 2002 for Windows, when Microsoft Access is present on a system, allows remote attackers to execute Visual Basic (VBA) scripts within a mail merge document that is saved in HTML format, aka a "Variant of MS00-071, Word Mail Merge Vulnerability" (CVE-2000-0788)...

CVSS 7.5 · AI score 6.6 · EPSS 0.16075
Exploits 0 · References 4

exploitpack
added 2002/08/06 12:0 a.m. · 16 views

Microsoft Internet Explorer 5/6 / Konqueror 2.2.2/3.0 / Weblogic Server 5/6/7 - Invalid X.509 Certificate Chain

source: https://www.securityfocus.com/bid/5410/info A flaw has been reported in the handling of X.509 certificates by a number of products, including several web browsers. It may be possible fo...

AI score 7.4
Exploits 0

CVE
added 2002/06/25 4:0 a.m. · 69 views

CVE-2001-0977

CVE-2001-0977 affects slapd in OpenLDAP, where OpenLDAP 1.x prior to 1.2.12 and 2.x prior to 2.0.8 are vulnerable. The issue is triggered by receiving LDAP BER length fields with invalid lengths, allowing remote attackers to cause a denial-of-service crash. Public advisories describe this as a re...

CVSS 5 · AI score 6.5 · EPSS 0.04093
Exploits 0 · References 9 · Affected Software 2

Cvelist
added 2002/06/25 4:0 a.m. · 32 views

CVE-2001-0977

slapd in OpenLDAP 1.x before 1.2.12, and 2.x before 2.0.8, allows remote attackers to cause a denial of service (crash) via an invalid Basic Encoding Rules (BER) length field...

AI score 6.5 · EPSS 0.04093
Exploits 0 · References 9

CVE
added 2002/06/11 4:0 a.m. · 48 views

CVE-2002-0578

CVE-2002-0578 affects 4D WebServer 6.7.3. A buffer overflow in handling HTTP requests with Basic Authentication containing an excessively long user name or password allows remote DoS and possibly arbitrary code execution. The vulnerability is triggered by crafted credentials in the request, poten...

CVSS 7.5 · AI score 8.5 · EPSS 0.035
Exploits 0 · References 2 · Affected Software 1

Cvelist
added 2002/06/11 4:0 a.m. · 18 views

CVE-2002-0578

Buffer overflow in 4D WebServer 6.7.3 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an HTTP request with Basic Authentication containing a long (1) user name or (2) password...

AI score 8.1 · EPSS 0.035
Exploits 0 · References 2

exploitpack
added 2002/04/11 12:0 a.m. · 24 views

IBM Informix Web Datablade 4.1x - Page Request SQL Injection

IBM Informix Web Datablade 4.1x - Page Request SQL Injection source: https://www.securityfocus.com/bid/4496/info Informix is an enterprise database distributed and maintained by IBM. The Web Datablade Module for Informix SQL, dynamically generates HTML content based on Database data. Web Datablad...

AI score 0.3
Exploits 0

Cvelist
added 2002/03/09 5:0 a.m. · 26 views

CVE-2000-0788

The Mail Merge tool in Microsoft Word does not prompt the user before executing Visual Basic (VBA) scripts in an Access database, which could allow an attacker to execute arbitrary commands...

AI score 7 · EPSS 0.08417
Exploits 1 · References 4

CERT
added 2002/01/08 12:0 a.m. · 15 views

iPlanet Web Server Enterprise Edition and Netscape Enterprise Server Web Publisher command exposes server to brute force attack

Overview: A vulnerability exists in iPlanet Web Server Enterprise Edition and Netscape Enterprise Server that allows an attacker to make repeated authentication attempts if a server is configured to use HTTP basic authentication. While the risk is not greater than any other brute force attack usin...

AI score 7.5
Exploits 0 · References 2

NVD
added 2001/12/31 5:0 a.m. · 18 views

CVE-2001-1550

CentraOne 5.2 and Centra ASP with basic authentication enabled creates world-writable base64 encoded log files, which allows local users to obtain cleartext passwords from decoded log files and impersonate users...

CVSS 2.1 · AI score 7.6 · EPSS 0.00368
Exploits 0 · References 4

Positive Technologies
added 2001/12/31 12:0 a.m. · 4 views

PT-2001-2581 · Thttpd · Thttpd

Name of the Vulnerable Software and Affected Versions: thttpd versions 1.95 through 2.20 Description: The issue is an off-by-one buffer overflow in Basic Authentication, allowing remote attackers to cause a denial of service and possibly execute arbitrary code. Recommendations: For versions 1.95...

CVSS 9.8 · AI score 8.5 · EPSS 0.04837
Exploits 0 · References 7

Positive Technologies
added 2001/12/31 12:0 a.m. · 5 views

PT-2001-2622 · Twig · Twig Webmail

Name of the Vulnerable Software and Affected Versions: TWIG webmail versions 2.7.4 and earlier Description: The default "basic" security setting in config.php for TWIG webmail stores cleartext usernames and passwords in cookies. This could allow attackers to obtain authentication information and...

CVSS 7.5 · AI score 6.3 · EPSS 0.01115
Exploits 0 · References 5

securityvulns
added 2001/12/13 12:0 a.m. · 35 views

Microsoft IIS/5 bogus Content-length bug.

Let's say that it's a bug, not a security flaw, but it probably can lead to denial of service with some tweaking. When you send a bad request to a Microsoft IIS/5.0 server it gives you the error and closes the connection, like when you fail to authenticate. Well... let's take a look at a normal...

AI score 7
Exploits 0