5769 matches found
CVE-2005-3352
Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps...
CVE-2005-3352
The CVE-2005-3352 entry documents a cross-site scripting (XSS) vulnerability in the Apache httpd mod_imap (and mod_imagemap) module. The issue arises from improper handling of the Referer header when using image maps, allowing an attacker to inject arbitrary script or HTML. Affected software is A...
Apache Httpd < 2.2.2 : mod_ssl access control DoS
A NULL pointer dereference flaw in mod_ssl was discovered affecting server configurations where an SSL virtual host is configured with access control and a custom 400 error document. A remote attacker could send a carefully crafted request to trigger this issue which would lead to a crash. This...
Apache Httpd < 2.0.58 : mod_ssl access control DoS
A NULL pointer dereference flaw in mod_ssl was discovered affecting server configurations where an SSL virtual host is configured with access control and a custom 400 error document. A remote attacker could send a carefully crafted request to trigger this issue which would lead to a crash. This...
CVE-2002-2131
Directory traversal vulnerability in Perl-HTTPd before 1.0.2 allows remote attackers to view arbitrary files via a .. (dot dot) in an unknown argument...
CVE-2002-2131
CVE-2002-2131: Perl-HTTPd before 1.0.2 has a directory traversal flaw that lets remote attackers view arbitrary files via a .. in an unknown argument. The NVD entry assigns a CVSSv2 base score of 5.0 (Medium) with network access and low complexity; confidentiality impact is partial. Red Hat’s en...
JVN#30451602 HTTPD-User-Manage cross-site scripting vulnerability
Impact A malicious script may be executed on the web browser of the user who can access HTTPD-User-Manage. Solution Products Affected HTTPD-User-Manage 1.62 and earlier...
MacOS X Finder reveals contents of Apache Web files
MacOS X creates a hidden file, '.FBCIndex' in each directory that has been viewed with the Finder. This file contains the content of the files present in the directory, giving an attacker information on the HTML tags, JavaScript, passwords, or any other sensitive word used inside those files...
OmniPro HTTPd 2.08 scripts source full disclosure
OmniPro HTTPd 2.08 suffers from a security vulnerability that permits malicious users to get the full source code of scripting files. By appending an ASCII/Unicode space char '%20' at the script suffix, the web server will no longer interpret it and rather send it back clearly as a simple documen...
SOCKS4 Username Overflow DoS Vulnerability
It was possible to kill the remote SOCKS4 server by sending a request with a too long username. SPDX-FileCopyrightText: 2002 Michel Arboi. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
HTTP Negative Content-Length DoS Vulnerability
The Savant web server was crashed by sending an invalid GET HTTP request with a negative Content-Length field. SPDX-FileCopyrightText: 2002 Michel Arboi...
CERN httpd Access Control Bypass Vulnerability - Active Check
CERN httpd is prone to an access control bypass vulnerability. SPDX-FileCopyrightText: 2005 Michel Arboi. SPDX-License-Identifier: GPL-2.0-only...
OmniPro HTTPd <= 2.08 Scripts Source Full Disclosure Vulnerability - Active Check
OmniPro HTTPd suffers from a security vulnerability that permits malicious users to get the full source code of scripting files. SPDX-FileCopyrightText: 2001 INTRANODE...
CERN HTTPD access control bypass
It is possible to access protected web pages by changing / to // or /./. This was a bug in old versions of the CERN web server. A workaround consisted of rejecting patterns like: // // /./ /./ OpenVAS Vulnerability Test $Id: cernhttpdaccessctrl.nasl 8023 2017-12-07 08:36:26Z teissa $ Description: CE...
Oracle 9iAS Jsp Source File Reading
In a default installation of Oracle 9iAS it is possible to read the source of JSP files. When a JSP is requested it is compiled 'on the fly' and the resulting HTML page is returned to the user. Oracle 9iAS uses a folder to hold the intermediate files during compilation. These files are created in...
CERN httpd CGI name heap overflow
It was possible to kill the remote web server by requesting: GET /cgi-bin/A.AAAA...A HTTP/1.0. This is known to trigger a heap overflow in some servers like CERN HTTPD. SPDX-FileCopyrightText: 2005 Michel Arboi...
Apache Httpd < 2.0.58 : mod_imap Referer Cross-Site Scripting
A flaw in mod_imap when using the Referer directive with image maps. In certain site configurations a remote attacker could perform a cross-site scripting attack if a victim can be forced to visit a malicious URL using certain web browsers...
Apache Httpd < 1.3.35 : mod_imap Referer Cross-Site Scripting
A flaw in mod_imap when using the Referer directive with image maps. In certain site configurations a remote attacker could perform a cross-site scripting attack if a victim can be forced to visit a malicious URL using certain web browsers...