21 matches found
SUSE CVE-2006-3918
httpprotocol.c in 1 IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and 2 Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site...
F5 Networks BIG-IP : Apache HTTP Expect header handling (SOL6669)
The remote BIG-IP device is missing a patch required by a security advisory. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from F5 Networks BIG-IP Solution SOL6669. The text description of this plugin is C F5 Networks...
Oracle HTTP Server - XSS Header Injection
No description provided by source. --------------------------------------------------------------------------------------------------------- Oracle HTTP Server XSS Header Injection --------------------------------------------------------------------------------------------------------- Attack...
CentOS 4 : apache (CESA-2006:0618)
Updated Apache httpd packages that correct a security issue are now available for Red Hat Enterprise Linux 2.1. This update has been rated as having important security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular Web server available for free. A bug was found ...
Oracle HTTP Server XSS Header Injection
Exploit for multiple platform in category web applications Attack Pattern ID : CAPEC-86 CWE ID : CI-79 OWASP IDs : A1-Injections, A2-Cross Site Scripting XSS CVE ID : not yet Related CVEs : CVE-2006-3918, CVE-2007-0275 A.K.A : Unfiltered Header Injection Product Type : Application Vendor : Oracle...
SLES9: Security update for Apache
The remote host is missing updates to packages that affect the security of your system. One or more of the following packages are affected: apache-example-pages apache-doc apache-devel apache modssl For more information, please visit the referenced security advisories. More details may also be...
SLES9: Security update for apache2, apache2-prefork, apache2-worker
The remote host is missing updates to packages that affect the security of your system. One or more of the following packages are affected: apache2-worker apache2-prefork apache2 For more information, please visit the referenced security advisories. More details may also be found by searching for...
SLES9: Security update for apache2,apache2-prefork,apache2-worker
The remote host is missing updates to packages that affect the security of your system. One or more of the following packages are affected: apache2-worker apache2-prefork apache2 For more information, please visit the referenced security advisories. More details may also be found by searching for...
SuSE9 Security Update : Apache (YOU Patch Number 12125)
This update fixes multiple bugs in apache : - cross-site scripting problem when processing the 'Expect' header. CVE-2006-3918 - cross-site scripting problem in modimap. CVE-2007-5000 - cross-site scripting problem in modstatus. CVE-2007-6388 - cross-site scripting problem in the ftp proxy module...
Ubuntu: Security Advisory (USN-575-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-575-1: Apache vulnerabilities
It was discovered that Apache did not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. With cross-site scripting vulnerabilities, if a user...
Debian Security Advisory DSA 1167-1 (apache)
The remote host is missing an update to apache announced via advisory DSA 1167-1. Several remote vulnerabilities have been discovered in the Apache, the worlds most popular webserver, which may lead to the execution of arbitrary web script. The Common Vulnerabilities and Exposures project...
CVE-2007-6203
Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting XSS style attacks using web client components that can send arbitrary...
CVE-2007-5944
Cross-site scripting XSS vulnerability in Servlet Engine / Web Container in IBM WebSphere Application Server WAS 5.1.1.4 through 5.1.1.16 allows remote attackers to inject arbitrary web script or HTML via the Expect HTTP header. NOTE: this might be the same issue as CVE-2006-3918, but there are...
SOL6669 - Apache HTTP Expect header handling
The vulnerability exists in the Apache web server, which is used by FirePass. Apache will not sanitize the contents of the HTTP Expect header when receiving an HTTP request. Instead, the contents of the Expect header will be returned in a successful HTTP response. This permits executable code suc...
SUSE-SA:2006:051: apache2
The remote host is missing the patch for the advisory SUSE-SA:2006:051 apache2. The web server Apache2 has been updated to fix several security issues: The security fix for CVE-2005-3357 denial of service broke the earlier security fix for SSL verification CVE-2005-2700. This problem has been...
[SECURITY] [DSA 1167-1] New apache packages fix several vulnerabilities
-------------------------------------------------------------------------- Debian Security Advisory DSA 1167-1 [email protected] http://www.debian.org/security/ Steve Kemp September 4th, 2005 http://www.debian.org/security/faq -...
RHEL 3 / 4 : httpd (RHSA-2006:0619)
Updated Apache httpd packages that correct security issues and resolve bugs are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular Web server available for fre...
Important: Red Hat Security Advisory: apache security update
Updated Apache httpd packages that correct a security issue are now available for Red Hat Enterprise Linux 2.1. This update has been rated as having important security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular Web server available for free. A bug was found ...
CVE-2006-3918
httpprotocol.c in 1 IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and 2 Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site...