12 matches found
EUVD-2011-1378
Malware in sbrugna...
EUVD-2005-3529
Malware in sbrugna...
K15273: Apache vulnerability CVE-2012-0053
Security Advisory Description protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request aka 400 error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a 1 long o...
SUSE CVE-2015-0253
The readrequestline function in server/protocol.c in the Apache HTTP Server 2.4.12 does not initialize the protocol structure member, which allows remote attackers to cause a denial of service NULL pointer dereference and process crash by sending a request that lacks a method to an installation...
BSA-2017-497
Security Advisory ID : BSA-2017-497 Component : Apache HTTPD Revision : 1.0: Final The readrequestline function in server/protocol.c in the Apache HTTP Server 2.4.12 does not initialize the protocol structure member, which allows remote attackers to cause a denial of service NULL pointer...
httpd: NULL pointer dereference crash with ErrorDocument 400 pointing to a local URL-path
A NULL pointer dereference flaw was found in the way httpd generated certain error responses. A remote attacker could possibly use this flaw to crash the httpd child process using a request that triggers a certain HTTP error...
httpd: cookie exposure due to error responses
protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request aka 400 error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a 1 long or 2 malformed header in...
httpd: cookie exposure due to error responses
protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request aka 400 error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a 1 long or 2 malformed header in...
Cross site scripting
Cross-site scripting XSS vulnerability in content/error.jsp in IBM WebSphere ILOG Rule Team Server 7.1.1 allows remote attackers to inject arbitrary web script or HTML via vectors that trigger an Unknown Error document, a different vulnerability than CVE-2011-4171...
CVE-2005-3530
Cross-site scripting XSS vulnerability in Antville 1.1 allows remote attackers to inject arbitrary web script or HTML via the notfound.skin error document...
CVE-2005-3530
Cross-site scripting XSS vulnerability in Antville 1.1 allows remote attackers to inject arbitrary web script or HTML via the notfound.skin error document...
Apache 2.0 - Full Path Disclosure
source: https://www.securityfocus.com/bid/5485/info A path disclosure vulnerability has been reported in Apache 2.0.x. It is possible to reproduce this condition on vulnerable systems by making a request for certain types of files such as error documents that have been mapped by the server by typ...