5773 matches found
CVE-2017-5850
httpd in OpenBSD allows remote attackers to cause a denial of service (memory consumption) via a series of requests for a large file using an HTTP Range header...
CVE-2017-5850
CVE-2017-5850 : OpenBSD httpd is vulnerable to a remote denial of service that exhausts memory by processing a sequence of requests for a large file using an HTTP Range header. Affects httpd up to version 6.x (as described in multiple sources); patches are available: 034_httpd.patch.sig for 5.9 a...
CVE-2017-6549
Session hijack vulnerability in httpd on ASUS RT-N56U, RT-N66U, RT-AC66U, RT-N66R, RT-AC66R, RT-AC68U, RT-AC68R, RT-N66W, RT-AC66W, RT-AC87R, RT-AC87U, RT-AC51U, RT-AC68P, RT-N11P, RT-N12+, RT-N12E B1, RT-AC3200, RT-AC53U, RT-AC1750, RT-AC1900P, RT-N300, and RT-AC750 routers with firmware before...
CVE-2017-6547
Cross-site scripting (XSS) vulnerability in httpd on ASUS RT-N56U, RT-N66U, RT-AC66U, RT-N66R, RT-AC66R, RT-AC68U, RT-AC68R, RT-N66W, RT-AC66W, RT-AC87R, RT-AC87U, RT-AC51U, RT-AC68P, RT-N11P, RT-N12+, RT-N12E B1, RT-AC3200, RT-AC53U, RT-AC1750, RT-AC1900P, RT-N300, and RT-AC750 routers with firmwa...
CVE-2017-6549
CVE-2017-6549 is a session hijack vulnerability in the httpd component of ASUSWRT firmware on multiple ASUS routers (e.g., RT-N56U/RT-N66U/RT-AC66U/RT-AC68U family, RT-AC53U, RT-N12, RT-AC5300, RT-N600, and Asuswrt-Merlin variants) with firmware older than the specified versions (pre 3.0.0.4.380....
ASUSWRT RT-AC53 (3.0.0.4.380.6038) - Cross-Site Scripting
ASUSWRT RT-AC53 3.0.0.4.380.6038 - Cross-Site Scripting. Cross-Site Scripting (XSS). Component: httpd. CVE: CVE-2017-6547. Vulnerability: httpd checks in the function handle_request if the requested file name is longer than 50 chars. It then responds with a redirection which allows an attacker to inject...
ASUSWRT RT-AC53 (3.0.0.4.380.6038) - Session Stealing
ASUSWRT RT-AC53 3.0.0.4.380.6038 - Session Stealing. Session Stealing. Component: httpd. CVE: CVE-2017-6549. Vulnerability: httpd uses the function search_token_in_list to validate if a user is logged into the admin interface by checking his asus_token value. There seems to be a branch which could be a...
ASUSWRT RT-AC53 (3.0.0.4.380.6038) - Cross-Site Scripting
Cross-Site Scripting (XSS). Component: httpd. CVE: CVE-2017-6547. Vulnerability: httpd checks in the function handle_request if the requested file name is longer than 50 chars. It then responds with a redirection which allows an attacker to inject arbitrary JavaScript code into the router’s web interfa...
ASUSWRT RT-AC53 (3.0.0.4.380.6038) - Session Stealing
Session Stealing. Component: httpd. CVE: CVE-2017-6549. Vulnerability: httpd uses the function search_token_in_list to validate if a user is logged into the admin interface by checking his asus_token value. There seems to be a branch which could be a failed attempt to build in a logout functionality...
NETGEAR DGN2200v1v2v3v4 - dnslookup.cgi Remote Command Execution
NETGEAR DGN2200v1v2v3v4 - dnslookup.cgi Remote Command Execution #!/usr/bin/python Provides access to default user account, privileges can be easily elevated by using either: - a kernel exploit ex. memodipper was tested and it worked - by executing /bin/bd suid backdoor present on SOME but not all...
NETGEAR DGN2200v1v2v3v4 - ping.cgi Remote Command Execution
NETGEAR DGN2200v1v2v3v4 - ping.cgi Remote Command Execution #!/usr/bin/python Provides access to default user account, privileges can be easily elevated by using either: - a kernel exploit ex. memodipper was tested and it worked - by executing /bin/bd suid backdoor present on SOME but not all...
Netgear DGN2200v1/v2/v3/v4 - 'ping.cgi' Remote Command Execution
#!/usr/bin/python Provides access to default user account, privileges can be easily elevated by using either: - a kernel exploit ex. memodipper was tested and it worked - by executing /bin/bd suid backdoor present on SOME but not all versions - by manipulating the httpd config files to trick the...
MPD -- buffer overflows in http output
The MPD project reports: httpd: fix two buffer overflows in IcyMetaData length calculation...
OpenBSD httpd CPU Exhaustion Denial of Service Vulnerability
OpenBSD is a cross-platform, BSD-based UNIX-like operating system developed by the Canadian OpenBSD project. A denial of service vulnerability exists in the OpenBSD httpd daemon. An attacker can exploit the vulnerability to cause CPU exhaustion, resulting in a denial of service attack...
OpenBSD HTTPd < 6.0 - Memory Exhaustion Denial of Service
Advisory Information Title: Remote DoS against OpenBSD http server up to 6.0 Advisory URL: https://pierrekim.github.io/advisories/CVE-2017-5850-openbsd.txt Blog URL: https://pierrekim.github.io/blog/2017-02-07-openbsd-httpd-CVE-2017-5850.html Date published: 2017-02-07 Vendors contacted: OpenBSD...
Apache Httpd < 2.4.26 : ap_get_basic_auth_pw() Authentication Bypass
Use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed. Third-party module writers SHOULD use ap_get_basic_auth_components(), available in 2.2.34 and 2.4.26, instead of ap_get_basic_auth_pw(). Modules which call the legacy...
Apache Httpd < 2.2.34 : ap_get_basic_auth_pw() Authentication Bypass
Use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed. Third-party module writers SHOULD use ap_get_basic_auth_components(), available in 2.2.34 and 2.4.26, instead of ap_get_basic_auth_pw(). Modules which call the legacy...
OpenBSD 6.0 httpd Content-Length DoS Exploit
Exploit for openbsd platform in category dos / poc Log message: Reimplement httpd's support for byte ranges. The previous implementation loaded all the output into a single output buffer and used its size to determine the Content-Length of the body. The new implementation calculates the body leng...
mod_cluster: Protocol parsing logic error
An error was found in protocol parsing logic of mod_cluster load balancer Apache HTTP Server modules. An attacker could use this flaw to cause a Segmentation Fault in the serving httpd process...