Lucene search
K

198 matches found

NVD
NVD
added 2011/09/23 10:55 a.m.13 views

CVE-2011-2766

The FCGI aka Fast CGI module 0.70 through 0.73 for Perl, as used by CGI::Fast, uses environment variable values from one request during processing of a later request, which allows remote attackers to bypass authentication via crafted HTTP headers...

7.5CVSS6.7AI score0.07238EPSS
Exploits1References11
UbuntuCve
UbuntuCve
added 2011/09/23 10:55 a.m.20 views

CVE-2011-2766

The FCGI aka Fast CGI module 0.70 through 0.73 for Perl, as used by CGI::Fast, uses environment variable values from one request during processing of a later request, which allows remote attackers to bypass authentication via crafted HTTP headers...

7.5CVSS5.9AI score0.07238EPSS
Exploits1References1
Prion
Prion
added 2011/09/23 10:55 a.m.16 views

Authentication flaw

The FCGI aka Fast CGI module 0.70 through 0.73 for Perl, as used by CGI::Fast, uses environment variable values from one request during processing of a later request, which allows remote attackers to bypass authentication via crafted HTTP headers...

7.5CVSS7.3AI score0.07238EPSS
Exploits1References11Affected Software2
Cvelist
Cvelist
added 2011/09/23 10:0 a.m.15 views

CVE-2011-2766

The FCGI aka Fast CGI module 0.70 through 0.73 for Perl, as used by CGI::Fast, uses environment variable values from one request during processing of a later request, which allows remote attackers to bypass authentication via crafted HTTP headers...

6.6AI score0.07238EPSS
Exploits1References11
CVE
CVE
added 2011/09/23 10:0 a.m.72 views

CVE-2011-2766

CVE-2011-2766 affects the Perl FastCGI module (FCGI) versions 0.70–0.73 used with CGI::Fast. The root cause is that environment variable values from one request can bleed into processing of a subsequent request, enabling remote attackers to bypass authentication by crafting HTTP headers. The issu...

7.5CVSS6.7AI score0.07238EPSS
Exploits1References11Affected Software1
Debian CVE
Debian CVE
added 2011/09/23 10:0 a.m.25 views

CVE-2011-2766

The FCGI aka Fast CGI module 0.70 through 0.73 for Perl, as used by CGI::Fast, uses environment variable values from one request during processing of a later request, which allows remote attackers to bypass authentication via crafted HTTP headers...

7.5CVSS6.7AI score0.07238EPSS
Exploits1
Packet Storm
Packet Storm
added 2011/03/23 12:0 a.m.28 views

Oracle fcgi-bin/echo Cross Site Scripting

Long ago, I wrote about an XSS vulnerability in Oracle fcgi-bin/echo : http://lists.grok.org.uk/pipermail/full-disclosure/2010-October/076794.html http://www.securityfocus.com/archive/1/514181 The issue may now be fixed in the latest versions of Oracle web servers:...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2011/03/23 12:0 a.m.140 views

XSS in Oracle default fcgi-bin/echo

Long ago, I wrote about an XSS vulnerability in Oracle fcgi-bin/echo : http://lists.grok.org.uk/pipermail/full-disclosure/2010-October/076794.html http://www.securityfocus.com/archive/1/514181 The issue may now be fixed in the latest versions of Oracle web servers:...

0.8AI score
Exploits0
securityvulns
securityvulns
added 2011/01/07 12:0 a.m.27 views

Apache mod-fcgid stack overflow

Untrusted FCGI application may cause stack overflow...

7.2CVSS3.3AI score0.02772EPSS
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2010/07/01 12:0 a.m.24 views

Fedora 12 : lighttpd-1.4.26-2.fc12 (2010-7643)

Update lighttpd to the latest version of the 1.4 branch, with the spawn-fcgi program split out for the first time on EL. This fixes CVE-2010-0295 and also includes a fix for upstream bug 2157 where SSL stopped working with RHEL 5.4. Note that Tenable Network Security has extracted the preceding...

5CVSS5.4AI score0.12111EPSS
Exploits3References3
OpenVAS
OpenVAS
added 2009/08/17 12:0 a.m.20 views

Mandrake Security Advisory MDVSA-2009:167 (php)

The remote host is missing an update to php announced via advisory MDVSA-2009:167. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only OR GPL-3.0-on...

4.3CVSS6.3AI score0.04378EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2009/07/06 12:0 a.m.29 views

Mandrake Security Advisory MDVSA-2009:145 (php)

The remote host is missing an update to php announced via advisory MDVSA-2009:145. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only OR GPL-3.0-on...

4.3CVSS6.3AI score0.04378EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2009/04/15 12:0 a.m.33 views

Mandrake Security Advisory MDVSA-2009:090 (php)

The remote host is missing an update to php announced via advisory MDVSA-2009:090. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only OR GPL-3.0-on...

5CVSS7.6AI score0.02396EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2009/02/17 12:0 a.m.23 views

Fedora Update for rubygem-rails FEDORA-2008-8282

Check for the Version of rubygem-rails OpenVAS Vulnerability Test Fedora Update for rubygem-rails FEDORA-2008-8282 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...

7.5CVSS0.0303EPSS
Exploits1References2
Fedora
Fedora
added 2008/10/16 2:2 a.m.33 views

[SECURITY] Fedora 8 Update: rubygem-rails-2.1.1-2.fc8

Rails is a framework for building web-application using CGI, FCGI, modruby, or WEBrick on top of either MySQL, PostgreSQL, SQLite, DB2, SQL Server, or Oracle with eRuby- or Builder-based templates...

7.5CVSS1.3AI score0.0303EPSS
Exploits1
Fedora
Fedora
added 2008/09/28 6:38 p.m.20 views

[SECURITY] Fedora 9 Update: rubygem-rails-2.1.1-2.fc9

Rails is a framework for building web-application using CGI, FCGI, modruby, or WEBrick on top of either MySQL, PostgreSQL, SQLite, DB2, SQL Server, or Oracle with eRuby- or Builder-based templates...

7.5CVSS1.3AI score0.0303EPSS
Exploits1
Cent OS
Cent OS
added 2005/10/05 4:18 p.m.124 views

perl security update

CentOS Errata and Security Advisory CESA-2005:674 Updated Perl packages that fix security issues and contain several bug fixes are now available for Red Hat Enterprise Linux 4. This update has been rated as having low security impact by the Red Hat Security Response Team. Perl is a high-level...

1.2CVSS7.2AI score0.00387EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2005/10/05 11:48 a.m.34 views

Low: Red Hat Security Advisory: perl security update

Updated Perl packages that fix security issues and contain several bug fixes are now available for Red Hat Enterprise Linux 4. This update has been rated as having low security impact by the Red Hat Security Response Team. Perl is a high-level programming language commonly used for system...

1.2CVSS7.2AI score0.00387EPSS
Exploits0References5
Rows per page
Query Builder