Lucene search
K

21 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 6:14 a.m.8 views

SUSE CVE-2006-3918

httpprotocol.c in 1 IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and 2 Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site...

4.3CVSS6AI score0.94281EPSS
Exploits7References8
Tenable Nessus
Tenable Nessus
added 2014/10/10 12:0 a.m.64 views

F5 Networks BIG-IP : Apache HTTP Expect header handling (SOL6669)

The remote BIG-IP device is missing a patch required by a security advisory. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from F5 Networks BIG-IP Solution SOL6669. The text description of this plugin is C F5 Networks...

4.3CVSS7.3AI score0.94281EPSS
Exploits7References5
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.316 views

Oracle HTTP Server - XSS Header Injection

No description provided by source. --------------------------------------------------------------------------------------------------------- Oracle HTTP Server XSS Header Injection --------------------------------------------------------------------------------------------------------- Attack...

4.3CVSS0.2AI score0.94281EPSS
Exploits7
Tenable Nessus
Tenable Nessus
added 2013/06/29 12:0 a.m.61 views

CentOS 4 : apache (CESA-2006:0618)

Updated Apache httpd packages that correct a security issue are now available for Red Hat Enterprise Linux 2.1. This update has been rated as having important security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular Web server available for free. A bug was found ...

4.3CVSS6.8AI score0.94281EPSS
Exploits7References2
0day.today
0day.today
added 2011/06/12 12:0 a.m.113 views

Oracle HTTP Server XSS Header Injection

Exploit for multiple platform in category web applications Attack Pattern ID : CAPEC-86 CWE ID : CI-79 OWASP IDs : A1-Injections, A2-Cross Site Scripting XSS CVE ID : not yet Related CVEs : CVE-2006-3918, CVE-2007-0275 A.K.A : Unfiltered Header Injection Product Type : Application Vendor : Oracle...

7.1AI score0.94281EPSS
Exploits7
OpenVAS
OpenVAS
added 2009/10/10 12:0 a.m.36 views

SLES9: Security update for Apache

The remote host is missing updates to packages that affect the security of your system. One or more of the following packages are affected: apache-example-pages apache-doc apache-devel apache modssl For more information, please visit the referenced security advisories. More details may also be...

4.3CVSS7.8AI score0.94281EPSS
Exploits11References1
OpenVAS
OpenVAS
added 2009/10/10 12:0 a.m.51 views

SLES9: Security update for apache2, apache2-prefork, apache2-worker

The remote host is missing updates to packages that affect the security of your system. One or more of the following packages are affected: apache2-worker apache2-prefork apache2 For more information, please visit the referenced security advisories. More details may also be found by searching for...

10CVSS7.7AI score0.94281EPSS
Exploits8References1
OpenVAS
OpenVAS
added 2009/10/10 12:0 a.m.61 views

SLES9: Security update for apache2,apache2-prefork,apache2-worker

The remote host is missing updates to packages that affect the security of your system. One or more of the following packages are affected: apache2-worker apache2-prefork apache2 For more information, please visit the referenced security advisories. More details may also be found by searching for...

10CVSS0.5AI score0.94281EPSS
Exploits8
Tenable Nessus
Tenable Nessus
added 2009/09/24 12:0 a.m.44 views

SuSE9 Security Update : Apache (YOU Patch Number 12125)

This update fixes multiple bugs in apache : - cross-site scripting problem when processing the 'Expect' header. CVE-2006-3918 - cross-site scripting problem in modimap. CVE-2007-5000 - cross-site scripting problem in modstatus. CVE-2007-6388 - cross-site scripting problem in the ftp proxy module...

4.3CVSS7.1AI score0.94281EPSS
Exploits11References8
OpenVAS
OpenVAS
added 2009/03/23 12:0 a.m.32 views

Ubuntu: Security Advisory (USN-575-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.1CVSS7.8AI score0.94281EPSS
Exploits12References2
Ubuntu
Ubuntu
added 2008/02/04 10:39 p.m.91 views

USN-575-1: Apache vulnerabilities

It was discovered that Apache did not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. With cross-site scripting vulnerabilities, if a user...

6.1CVSS6.7AI score0.94281EPSS
Exploits12
OpenVAS
OpenVAS
added 2008/01/17 12:0 a.m.50 views

Debian Security Advisory DSA 1167-1 (apache)

The remote host is missing an update to apache announced via advisory DSA 1167-1. Several remote vulnerabilities have been discovered in the Apache, the worlds most popular webserver, which may lead to the execution of arbitrary web script. The Common Vulnerabilities and Exposures project...

4.3CVSS0.3AI score0.94281EPSS
Exploits7
UbuntuCve
UbuntuCve
added 2007/12/03 10:46 p.m.36 views

CVE-2007-6203

Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting XSS style attacks using web client components that can send arbitrary...

4.3CVSS7.1AI score0.80749EPSS
Exploits1References2
NVD
NVD
added 2007/11/14 1:46 a.m.35 views

CVE-2007-5944

Cross-site scripting XSS vulnerability in Servlet Engine / Web Container in IBM WebSphere Application Server WAS 5.1.1.4 through 5.1.1.16 allows remote attackers to inject arbitrary web script or HTML via the Expect HTTP header. NOTE: this might be the same issue as CVE-2006-3918, but there are...

4.3CVSS5.3AI score0.01786EPSS
Exploits0References7
F5 Networks
F5 Networks
added 2007/05/16 12:0 a.m.103 views

SOL6669 - Apache HTTP Expect header handling

The vulnerability exists in the Apache web server, which is used by FirePass. Apache will not sanitize the contents of the HTTP Expect header when receiving an HTTP request. Instead, the contents of the Expect header will be returned in a successful HTTP response. This permits executable code suc...

4.3CVSS6.3AI score0.94281EPSS
Exploits7
Tenable Nessus
Tenable Nessus
added 2007/02/18 12:0 a.m.47 views

SUSE-SA:2006:051: apache2

The remote host is missing the patch for the advisory SUSE-SA:2006:051 apache2. The web server Apache2 has been updated to fix several security issues: The security fix for CVE-2005-3357 denial of service broke the earlier security fix for SSL verification CVE-2005-2700. This problem has been...

10CVSS6.2AI score0.94281EPSS
Exploits8
Debian
Debian
added 2006/09/04 3:8 p.m.59 views

[SECURITY] [DSA 1167-1] New apache packages fix several vulnerabilities

-------------------------------------------------------------------------- Debian Security Advisory DSA 1167-1 [email protected] http://www.debian.org/security/ Steve Kemp September 4th, 2005 http://www.debian.org/security/faq -...

4.3CVSS6.6AI score0.94281EPSS
Exploits7
Tenable Nessus
Tenable Nessus
added 2006/08/14 12:0 a.m.56 views

RHEL 3 / 4 : httpd (RHSA-2006:0619)

Updated Apache httpd packages that correct security issues and resolve bugs are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular Web server available for fre...

4.3CVSS6.8AI score0.94281EPSS
Exploits7References3
RedHat Linux
RedHat Linux
added 2006/08/08 7:50 p.m.49 views

Important: Red Hat Security Advisory: apache security update

Updated Apache httpd packages that correct a security issue are now available for Red Hat Enterprise Linux 2.1. This update has been rated as having important security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular Web server available for free. A bug was found ...

4.3CVSS6.7AI score0.94281EPSS
Exploits7References2
OSV
OSV
added 2006/07/28 12:4 a.m.11 views

CVE-2006-3918

httpprotocol.c in 1 IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and 2 Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site...

6.1AI score
Exploits0References71
Rows per page
Query Builder