CVE-2025-70995

An issue in Aranda Service Desk Web Edition ASDK API 8.6 allows authenticated attackers to achieve remote code execution due to improper validation of uploaded files. An authenticated user can upload a crafted web.config file by sending a crafted POST request to /ASDKAPI/api/v8.6/item/addfile,...

SUSE CVE-2004-0885

The modssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration...

Trend Micro Deep Security 代码注入漏洞

Trend Micro Deep Security is a suite of intelligent data protection solutions from Trend Micro. A code injection vulnerability exists in the Trend Micro Deep Security Agent that stems from an input validation error when handling directory traversal sequences. An attacker could use this...

BSA-2020-1043

Security Advisory ID : BSA-2020-1043 Component : Apache Tomcat Revision : 1.0: Final When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext using a specially...

Design/Logic Flaw

mod-gnutls does not validate client certificates when "GnuTLSClientVerify require" is set in a directory context, which allows remote attackers to spoof clients via a crafted certificate...

CVE-2009-5144

mod-gnutls does not validate client certificates when "GnuTLSClientVerify require" is set in a directory context, which allows remote attackers to spoof clients via a crafted certificate...

CVE-2009-5144

mod-gnutls does not validate client certificates when "GnuTLSClientVerify require" is set in a directory context, which allows remote attackers to spoof clients via a crafted certificate...

CVE-2009-5144

Removed by vendor...

CVE-2009-5144

mod-gnutls does not validate client certificates when "GnuTLSClientVerify require" is set in a directory context, which allows remote attackers to spoof clients via a crafted certificate...

Fedora 20 : mod_nss-1.0.8-28.fc20 (2013-22730)

A flaw was found in the way NSSVerifyClient was handled when used in both server / vhost context as well as directory context specified either via or directive. If 'NSSVerifyClient none' was set in the server / vhost context i.e. when server is configured to not request or require client...

UBUNTU-CVE-2013-4566

modnss 1.0.8 and earlier, when NSSVerifyClient is set to none for the server/vhost context, does not enforce the NSSVerifyClient setting in the directory context, which allows remote attackers to bypass intended access restrictions...

Moderate: Red Hat Security Advisory: mod_nss security update

An updated modnss package that fixes one security issue is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating...

mod_nss: incorrect handling of NSSVerifyClient in directory context

modnss 1.0.8 and earlier, when NSSVerifyClient is set to none for the server/vhost context, does not enforce the NSSVerifyClient setting in the directory context, which allows remote attackers to bypass intended access restrictions...

mod_nss security update

1.0.8-19 - Resolves: CVE-2013-4566 - Bugzilla Bug 1030265 - modnss: incorrect handling of NSSVerifyClient in directory context rhel-6.5.z...

Fedora 15 : polipo-1.0.4.1-6.fc15 (2012-0849)

add daily cache cleanup - fix missing creation of /var/run directory bz 755198 - make sure log directory context is set correctly bz 741779 - fix denial of service vulnerability CVE-2011-3596 bz 742897 Note that Tenable Network Security has extracted the preceding description block directly from...

mod_ssl SSLCipherSuite bypass

The modssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration...

mod_ssl SSLCipherSuite bypass

The modssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration...

mod_ssl SSLCipherSuite bypass

The modssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration...

mod_ssl SSLCipherSuite bypass

The modssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration...

DEBIAN-CVE-2004-0885

The modssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration...